CCleaner Community Forums
nodles

The Firefox/Mozilla Thread


ff v68.5.0 esr

 

11. feb. 2020

 

Fixed

Developer

 

Quote

Security Vulnerabilities fixed in Firefox ESR68.5

#CVE-2020-6796: Missing bounds check on shared memory read in the parent process

Reporter
Thomas Imbert
Impact
high
Description

A content process could have modified shared memory relating to crash reporting information, crash itself, and cause an out-of-bound write. This could have caused memory corruption and a potentially exploitable crash.

References

#CVE-2020-6797: Extensions granted downloads.open permission could open arbitrary applications on Mac OSX

Reporter
Vladimir Metnew
Impact
moderate
Description

By downloading a file with the .fileloc extension, a semi-privileged extension could launch an arbitrary application on the user's computer. The attacker is restricted as they are unable to download non-quarantined files or supply command line arguments to the application, limiting the impact.
Note: this issue only occurs on Mac OSX. Other operating systems are unaffected.

References

#CVE-2020-6798: Incorrect parsing of template tag could result in JavaScript injection

Reporter
terjanq
Impact
moderate
Description

If a <template> tag was used in a <select> tag, the parser could be confused and allow JavaScript parsing and execution when it should not be allowed. A site that relied on the browser behaving correctly could suffer a cross-site scripting vulnerability as a result.

References

#CVE-2020-6799: Arbitrary code execution when opening pdf links from other applications, when Firefox is configured as default pdf reader

Reporter
Joshua Graham & Brendan Scarvell
Impact
moderate
Description

Command line arguments could have been injected during Firefox invocation as a shell handler for certain unsupported file types. This required Firefox to be configured as the default handler for a given file type and for a file downloaded to be opened in a third party application that insufficiently sanitized URL data. In that situation, clicking a link in the third party application could have been used to retrieve and execute files whose location was supplied through command line arguments.
Note: This issue only affects Windows operating systems and when Firefox is configured as the default handler for non-default filetypes. Other operating systems are unaffected.

References

#CVE-2020-6800: Memory safety bugs fixed in Firefox 73 and Firefox ESR 68.5

Reporter
Mozilla developers and community
Impact
high
Description

Mozilla developers and community members Raul Gurzau, Tyson Smith, Bob Clary, Liz Henry, and Christian Holler reported memory safety bugs present in Firefox 72 and Firefox ESR 68.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

References

 


ff v73.0.1

 

18. feb 2020

 

Fixed

  • Fixed crashes on Windows systems running third-party security software such as 0patch or G DATA (bug 1610790)

  • Fixed loss of browser functionality in certain circumstances such as running in Windows compatibility mode or having custom anti-exploit settings (bug 1614885)

  • Resolved problems connecting to the RBC Royal Bank website (bug 1613943)

  • Fixed Firefox unexpectedly exiting when leaving Print Preview mode (bug 1611133)

  • Fixed crashes when playing encrypted content on some Linux systems (bug 1614535)


ff v74.0

 

10. march 2020

 

New

  • Your login management has improved with the ability to reverse alpha sort (Name Z-A) in Lockwise, which you can access under Logins and Passwords.

  • Firefox now makes importing your bookmarks and history from the new Microsoft Edge browser on Windows and Mac simple.

  • Add-ons installed by external applications can now be removed using the Add-ons Manager (about:addons). Going forward, only users can install add-ons; they cannot be installed by an application.

  • Facebook Container prevents Facebook from tracking you around the web - Facebook logins, likes, and comments are automatically blocked on non-Facebook sites. But when you need an exception, you can now create one by adding custom sites to the Facebook Container.

  • Firefox now provides better privacy for your web voice and video calls through support for mDNS ICE by cloaking your computer’s IP address with a random ID in certain WebRTC scenarios.

Fixed

  • Various security fixes.

  • We have fixed issues involving pinned tabs such as being lost. You should also no longer see them reorder themselves.

Changed

  • When a video is uploaded with a batch of photos on Instagram, the Picture-in-Picture toggle would sit atop of the “next” button. The toggle is now moved allowing you to flip through to the next image of the batch.

  • On Windows, Ctrl+I can now be used to open the Page Info window instead of opening the Bookmarks sidebar. Ctrl+B still opens the Bookmarks sidebar making keyboard shortcuts more useful for our users.

  • We have disabled TLS 1.0 and TLS 1.1 to improve your website connections. Sites that don't support TLS version 1.2 will now show an error page.

Developer

Developer Information

  • Firefox’s Debugger added support for debugging Nested Web Workers, so their execution can be paused and stepped through with breakpoints

Web Platform


ff v68.6.0 esr

 

10. march 2020

 

Fixed

 

Quote

 

Security Vulnerabilities fixed in Firefox ESR 68.6

Announced March 10, 2020
Impact high
Products Firefox ESR
Fixed in
  • Firefox ESR 68.6

#CVE-2020-6805: Use-after-free when removing data about origins

Reporter Brian Carpenter
Impact high
Description

When removing data about an origin whose tab was recently closed, a use-after-free could occur in the Quota manager, resulting in a potentially exploitable crash.

References

#CVE-2020-6806: BodyStream::OnInputStreamReady was missing protections against state confusion

Reporter Sergei Glazunov of Google Project Zero
Impact high
Description

By carefully crafting promise resolutions, it was possible to cause an out-of-bounds read off the end of an array resized during script execution. This could have led to memory corruption and a potentially exploitable crash.

References

#CVE-2020-6807: Use-after-free in cubeb during stream destruction

Reporter C.M.Chang
Impact high
Description

When a device was changed while a stream was about to be destroyed, the stream-reinit task may have been executed after the stream was destroyed, causing a use-after-free and a potentially exploitable crash.

References

#CVE-2020-6811: Devtools' 'Copy as cURL' feature did not fully escape website-controlled data, potentially leading to command injection

Reporter Ophir LOJKINE
Impact moderate
Description

The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used the 'Copy as Curl' feature and pasted the command into a terminal, it could have resulted in command injection and arbitrary command execution.

References

#CVE-2019-20503: Out of bounds reads in sctp_load_addresses_from_init

Reporter Natalie Silvanovich of Google Project Zero
Impact moderate
Description

The inputs to sctp_load_addresses_from_init are verified by sctp_arethere_unrecognized_parameters; however, the two functions handled parameter bounds differently, resulting in out of bounds reads when parameters are partially outside a chunk.

References

#CVE-2020-6812: The names of AirPods with personally identifiable information were exposed to websites with camera or microphone permission

Reporter Jan-Ivar Bruaroey
Impact moderate
Description

The first time AirPods are connected to an iPhone, they become named after the user's name by default (e.g. Jane Doe's AirPods.) Websites with camera or microphone permission are able to enumerate device names, disclosing the user's name. To resolve this issue, Firefox added a special case that renames devices containing the substring 'AirPods' to simply 'AirPods'.

References

#CVE-2020-6814: Memory safety bugs fixed in Firefox 74 and Firefox ESR 68.6

Reporter Mozilla developers and community
Impact high
Description

Mozilla developers and community members Byron Campen, Jason Kratzer, and Christian Holler reported memory safety bugs present in Firefox 73 and Firefox ESR 68.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

References
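The class of fix behind CVE-2020-6811 above, as an added example that is not part of the original post and is not Mozilla's code: when a request is rendered as a curl command line, the HTTP method is quoted like every other website-controlled field. It assumes a POSIX shell; all function names and the sample request are hypothetical.

```javascript
// Wrap a value in single quotes; an embedded ' becomes '\'' (close the quote,
// emit an escaped quote, reopen). Inside single quotes the shell expands nothing.
function shQuote(value) {
  return "'" + String(value).replace(/'/g, "'\\''") + "'";
}

// Build argv first, then quote each element. The method is handled exactly
// like the URL, headers and body: it is data supplied by the site.
function curlArgv(req) {
  const argv = ["curl", req.url, "-X", req.method];
  for (const [name, value] of Object.entries(req.headers || {})) {
    argv.push("-H", `${name}: ${value}`);
  }
  if (req.body !== undefined) argv.push("--data-raw", req.body);
  return argv;
}

function curlCommand(req) {
  return curlArgv(req).map(shQuote).join(" ");
}

// Minimal reader for the subset shQuote emits (single-quoted runs and \'),
// used to check that the rendered line splits back into the same argv.
function splitQuoted(line) {
  const words = [];
  let cur = null, inQuote = false;
  for (let i = 0; i < line.length; i++) {
    const c = line[i];
    if (inQuote) {
      if (c === "'") inQuote = false; else cur += c;
    } else if (c === "'") {
      inQuote = true; if (cur === null) cur = "";
    } else if (c === "\\" && line[i + 1] === "'") {
      cur = (cur === null ? "" : cur) + "'"; i++;
    } else if (c === " ") {
      if (cur !== null) { words.push(cur); cur = null; }
    } else {
      cur = (cur === null ? "" : cur) + c;
    }
  }
  if (cur !== null) words.push(cur);
  return words;
}

// Constructed sample: the method uses only characters the HTTP token grammar
// permits, several of which a shell treats specially when left unquoted.
const sample = { url: "https://example.test/a?b=1&c=2", method: "X'`$|&",
                 headers: { Accept: "*/*" }, body: "k=v w" };
```

Checking that a method is a syntactically valid HTTP token is not a substitute for quoting, since the token grammar itself allows characters such as `'`, `` ` ``, `$`, `|` and `&`.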

 

 
