Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2020.1919 MFSA 2020-20 Security Vulnerabilities fixed in Firefox 77 3 June 2020 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Firefox Publisher: Mozilla Operating System: Windows UNIX variants (UNIX, Linux, OSX) Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction Denial of Service -- Remote with User Interaction Provide Misleading Information -- Remote with User Interaction Access Confidential Data -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2020-12411 CVE-2020-12410 CVE-2020-12409 CVE-2020-12408 CVE-2020-12407 CVE-2020-12406 CVE-2020-12405 CVE-2020-12399 Original Bulletin: https://www.mozilla.org/en-US/security/advisories/mfsa2020-20/ - --------------------------BEGIN INCLUDED TEXT-------------------- Mozilla Foundation Security Advisory 2020-20 Security Vulnerabilities fixed in Firefox 77 Announced June 2, 2020 Impact high Products Firefox Fixed in Firefox 77 # CVE-2020-12399: Timing attack on DSA signatures in NSS library Reporter Cesar Pereida Garcia and the Network and Information Security Group (NISEC) at Tampere University Impact high Description NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys. References o Bug 1631576 # CVE-2020-12405: Use-after-free in SharedWorkerService Reporter Marcin 'Icewall' Noga of Cisco Talos Impact high Description When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash. References o Bug 1631618 # CVE-2020-12406: JavaScript type confusion with NativeTypes Reporter Iain Ireland Impact high Description Mozilla Developer Iain Ireland discovered a missing type check during unboxed objects removal, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code. References o Bug 1639590 # CVE-2020-12407: WebRender leaking GPU memory when using border-image CSS directive Reporter Nicolas Silva Impact moderate Description Mozilla Developer Nicolas Silva found that when using WebRender, Firefox would under certain conditions leak arbitrary GPU memory to the visible screen. The leaked memory content was visible to the user, but not observable from web content. References o Bug 1637112 # CVE-2020-12408: URL spoofing when using IP addresses Reporter Rayyan Bijoora Impact low Description When browsing a document hosted on an IP address, an attacker could insert certain characters to flip domain and path information in the address bar. References o Bug 1623888 # CVE-2020-12409: URL spoofing with unicode characters Reporter Rayyan Bijoora Impact low Description When using certain blank characters in a URL, they where incorrectly rendered as spaces instead of an encoded URL. References o Bug 1629506 # CVE-2020-12410: Memory safety bugs fixed in Firefox 77 and Firefox ESR 68.9 Reporter Mozilla developers Impact high Description Mozilla developers Tom Tung and Karl Tomlinson reported memory safety bugs present in Firefox 76 and Firefox ESR 68.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. References o Memory safety bugs fixed in Firefox 77 and Firefox ESR 68.9 # CVE-2020-12411: Memory safety bugs fixed in Firefox 77 Reporter Mozilla developers Impact high Description Mozilla developers :Gijs (he/him), Randell Jesup reported memory safety bugs present in Firefox 76. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. References o Memory safety bugs fixed in Firefox 77 - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBXtbmteNLKJtyKPYoAQgX2w//VXS9l/T+3cc4FdYpZTh5E/c84ogGepy6 zvdREotQFRwoFULfsfW8JC+a2B6UcCvD6bBBNBf4/L7mbso2OT4+9aHI1ykcnxwv apjEp0+VmApL9CUI7//tyOWe2E1U2qFTD0Gw6I+z+lX6hlwpNqufhcbl48jqP6ol OZD4vq4j+fi/Dmyc9858PhrlUbHoHy7cSxfGljBNJOPrRQzld30D3exEV5fMnd3k aqwVqd5wY/NOKyZqqdi6fnTKCASJ7mYR74hN0NzhOsH9Uil7RzeAaaY/Qeqf5Miq VVlAd8YX6yDpsxedaO+cLPE/bYUnb7Mw/z9VvLxb4bsgwM1JO6+1NkytsdQxDkMv MilwcH7WoizwSlzQ9iXU6+c03/F3kfXYDZ+9/z+FM10vwtjZkbo1DwSL1XAYAs5p 9rF0K5Q2ie4z4PUc+uezPSRzU89nucqdWRtKSKOTjvvkcHk63I73OHN//UPejKNn SdtI48BwIY9oqrQFAlZXQUTZqjMK49BWP3BDRcIgbWpw+Nca0LE1BLulkeCfWpAy PWJg6KInefEouYuKYeFp+cdLypA9NtUV+T7eyDMgE7cbVdvXImf3mDcG1lSSB7T4 et+TkJHj79bvsXve4bBtpZitUAF7QvaVSgtKLqdPL47BW08bQIYsduu9lrUFd2Z2 NYAi4gg0V44= =9q8d -----END PGP SIGNATURE-----