Mozilla Foundation Security Advisory 2020-25
Security Vulnerabilities fixed in Firefox ESR 68.10
- Announced
- June 30, 2020
- Impact
- high
- Products
- Firefox ESR
- Fixed in
-
- Firefox ESR 68.10
#CVE-2020-12417: Memory corruption due to missing sign-extension for ValueTags on ARM64
- Reporter
- Deian Stefan
- Impact
- high
Description
Due to confusion about ValueTags on JavaScript Objects, an object may pass through the type barrier, resulting in memory corruption and a potentially exploitable crash.
Note: this issue only affects Firefox on ARM64 platforms.
References
#CVE-2020-12418: Information disclosure due to manipulated URL object
- Reporter
- Marcin 'Icewall' Noga of Cisco Talos
- Impact
- high
Description
Manipulating individual parts of a URL object could have caused an out-of-bounds read, leaking process memory to malicious JavaScript.
References
#CVE-2020-12419: Use-after-free in nsGlobalWindowInner
- Reporter
- worcester12345
- Impact
- high
Description
When processing callbacks that occurred during window flushing in the parent process, the associated window may die; causing a use-after-free condition. This could have led to memory corruption and a potentially exploitable crash.
References
#CVE-2020-12420: Use-After-Free when trying to connect to a STUN server
- Reporter
- Byron Campen
- Impact
- high
Description
When trying to connect to a STUN server, a race condition could have caused a use-after-free of a pointer, leading to memory corruption and a potentially exploitable crash.
References
#CVE-2020-12421: Add-On updates did not respect the same certificate trust rules as software updates
- Reporter
- Chuck Harmston, Robert Hardy
- Impact
- moderate
Description
When performing add-on updates, certificate chains terminating in non-built-in-roots were rejected (even if they were legitimately added by an administrator.) This could have caused add-ons to become out-of-date silently without notification to the user.