firefox-esr: Multiple vulnerabilities (CVE-2020-6796, CVE-2020-6798, CVE-2020-6800, CVE-2020-6805, CVE-2020-6806, CVE-2020-6807, CVE-2020-6811, CVE-2020-6812, CVE-2020-6814, CVE-2019-20503)
- CVE-2020-6796: Missing bounds check on shared memory read in the parent process
- CVE-2020-6798: Incorrect parsing of template tag could result in JavaScript injection
- CVE-2020-6800: Memory safety bugs
Fixed In Version:
Firefox ESR 68.5
Reference:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-06/
- CVE-2020-6805: Use-after-free when removing data about origins
- CVE-2020-6806: BodyStream::OnInputStreamReady was missing protections against state confusion
- CVE-2020-6807: Use-after-free in cubeb during stream destruction
- CVE-2020-6811: Devtools' 'Copy as cURL' feature did not fully escape website-controlled data, potentially leading to command injection
- CVE-2019-20503: Out of bounds reads in sctp_load_addresses_from_init
- CVE-2020-6812: The names of AirPods with personally identifiable information were exposed to websites with camera or microphone permission
- CVE-2020-6814: Memory safety bugs
Fixed In Version:
Firefox ESR 68.6
Reference:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2020-6811
Affected branches:
-
master -
3.11-stable