#13354 closed enhancement (fixed)
firefox-68.6.1 (0days: CVE-2020-6819 CVE-2020-6820)
| Reported by: | Douglas R. Reno | Owned by: | |
|---|---|---|---|
| Priority: | highest | Milestone: | 10.0 |
| Component: | BOOK | Version: | SVN |
| Severity: | normal | Keywords: | |
| Cc: |
Description
New point version
Mozilla Foundation Security Advisory 2020-11
Security Vulnerabilities fixed in Firefox 74.0.1 and Firefox ESR 68.6.1
Announced
April 3, 2020
Impact
critical
Products
Firefox, Firefox ESR
Fixed in
Firefox 74.0.1
Firefox ESR 68.6.1
#CVE-2020-6819: Use-after-free while running the nsDocShell destructor
Reporter
Francisco Alonso @revskills working with Javier Marcos of @JMPSec
Impact
critical
Description
Under certain conditions, when running the nsDocShell destructor, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw.
References
Bug 1620818
#CVE-2020-6820: Use-after-free when handling a ReadableStream
Reporter
Francisco Alonso @revskills working with Javier Marcos of @JMPSec
Impact
critical
Description
Under certain conditions, when handling a ReadableStream, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw.
References
Bug 1626728
Change History (6)
comment:1 by , 4 years ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
comment:2 by , 4 years ago
comment:3 by , 4 years ago
In view of the urgency, I'll keep the buildsize and time measurements unaltered since I have not updated my 4-core machine to current rustc yet.
comment:4 by , 4 years ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
Note:
See TracTickets
for help on using tickets.
Perhaps this means that 68.7.0 (due on Tuesday) will not have any security fixes.