AVG-1112

Package firefox
Status Fixed
Severity Critical
Type multiple issues
Affected 73.0.1-1
Fixed 74.0-1
Current 74.0.1-1 [extra]
Ticket None
Created Wed Mar 11 10:25:09 2020
Issue Severity Remote Type Description
CVE-2020-6815 Critical Yes Arbitrary code execution
Several memory safety and script safety bugs have been found in Firefox before 74. Some of these bugs showed evidence of memory corruption or escalation of...
CVE-2020-6814 Critical Yes Arbitrary code execution
Several memory safety and script safety bugs have been found in Firefox before 74, Firefox ESR before 68.6 and Thunderbird before 68.6. Some of these bugs...
CVE-2020-6813 Low Yes Access restriction bypass
A Content Security Policy bypass has been found in Firefox before 74. When protecting CSS blocks with the nonce feature of Content Security Policy, the...
CVE-2020-6812 Medium Yes Information disclosure
An information disclosure issue has been found in Firefox before 74 and Thunderbird before 68.6. The first time AirPods are connected to an iPhone, they...
CVE-2020-6811 Medium Yes Arbitrary command execution
A security issue has been found in Firefox before 74 and Thunderbird before 68.6, where the 'Copy as cURL' feature of Devtools' network tab did not properly...
CVE-2020-6810 Medium Yes Content spoofing
A security issue has been found in Firefox before 74 where, after a website had entered fullscreen mode, it could have used a previously opened popup to...
CVE-2020-6809 Medium Yes Access restriction bypass
A security issue has been found in Firefox before 74 where, when a Web Extension had the all-urls permission and made a fetch request with a mode set to...
CVE-2020-6808 Medium Yes Content spoofing
A security issue has been found in Firefox before 74 where, when a JavaScript URL (javascript:) is evaluated and the result is a string, this string is...
CVE-2020-6807 Critical Yes Arbitrary code execution
A use-after-free issue has been found in Firefox before 74 and Thunderbird before 68.6, in cubeb during stream destruction. When a device was changed while...
CVE-2020-6806 Critical Yes Arbitrary code execution
A state confusion issue has been found in Firefox before 74 and Thunderbird before 68.6, in BodyStream::OnInputStreamReady. By carefully crafting promise...
CVE-2020-6805 Critical Yes Arbitrary code execution
A use-after-free issue has been found in Firefox before 74 and Thunderbird before 68.6. When removing data about an origin whose tab was recently closed, a...
CVE-2019-20503 Medium Yes Information disclosure
An out-of-bounds read has been found in Firefox before 74, Thunderbird before 68.6 and chromium before 80.0.3987.149. The inputs to...
Date Advisory Package Description
11 Mar 2020 ASA-202003-8 firefox multiple issues
References
https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/