Opened 2 years ago

Closed 2 years ago

#14228 closed enhancement (fixed)

firefox-78.4.1 and mozjs78 (Zero-day Security Fix)

Reported by: Douglas R. Reno Owned by: Douglas R. Reno
Priority: highest Milestone: 10.1
Component: BOOK Version: SVN
Severity: normal Keywords:
Cc:

Description

New critical security release of Firefox and JS78.

See https://www.mozilla.org/en-US/security/advisories/mfsa2020-49/

Change History (5)

comment:1 by Douglas R. Reno, 2 years ago

Owner: changed from blfs-book to Douglas R. Reno
Status: newassigned

comment:2 by Douglas R. Reno, 2 years ago

Mozilla Foundation Security Advisory 2020-49
Security Vulnerabilities fixed in Firefox 82.0.3 and Firefox ESR 78.4.1

Announced
    November 9, 2020
Impact
    critical
Products
    Firefox, Firefox ESR
Fixed in

        Firefox 82.0.3
        Firefox ESR 78.4.1

#CVE-2020-26950: Write side effects in MCallGetProperty opcode not accounted for

Reporter
    360政企安全漏洞研究院 in Tianfu Cup 2020 International Cybersecurity Contest
Impact
    critical

Description

In certain circumstances, the MCallGetProperty opcode can be emitted with unmet assumptions resulting in an exploitable use-after-free condition.
References

    Bug 1675905

comment:3 by ken@…, 2 years ago

I've rolled forward the firefox patch for using rustc-1.47.0.

comment:4 by Douglas R. Reno, 2 years ago

Thank you Ken :)

comment:5 by Douglas R. Reno, 2 years ago

Resolution: fixed
Status: assignedclosed

Fixed at r23880

Note: See TracTickets for help on using tickets.