Opened 9 months ago

Closed 9 months ago

#14228 closed enhancement (fixed)

firefox-78.4.1 and mozjs78 (Zero-day Security Fix)

Reported by: Douglas R. Reno Owned by: Douglas R. Reno
Priority: highest Milestone: 10.1
Component: BOOK Version: SVN
Severity: normal Keywords:
Cc:

Description

New critical security release of Firefox and JS78.

See https://www.mozilla.org/en-US/security/advisories/mfsa2020-49/

Change History (5)

comment:1 by Douglas R. Reno, 9 months ago

Owner: changed from blfs-book to Douglas R. Reno
Status: newassigned

comment:2 by Douglas R. Reno, 9 months ago

Mozilla Foundation Security Advisory 2020-49
Security Vulnerabilities fixed in Firefox 82.0.3 and Firefox ESR 78.4.1

Announced
    November 9, 2020
Impact
    critical
Products
    Firefox, Firefox ESR
Fixed in

        Firefox 82.0.3
        Firefox ESR 78.4.1

#CVE-2020-26950: Write side effects in MCallGetProperty opcode not accounted for

Reporter
    360政企安全漏洞研究院 in Tianfu Cup 2020 International Cybersecurity Contest
Impact
    critical

Description

In certain circumstances, the MCallGetProperty opcode can be emitted with unmet assumptions resulting in an exploitable use-after-free condition.
References

    Bug 1675905

comment:3 by ken@…, 9 months ago

I've rolled forward the firefox patch for using rustc-1.47.0.

comment:4 by Douglas R. Reno, 9 months ago

Thank you Ken :)

comment:5 by Douglas R. Reno, 9 months ago

Resolution: fixed
Status: assignedclosed

Fixed at r23880

Note: See TracTickets for help on using tickets.