AVG-1148 log

Package firefox
Status Fixed
Severity Critical
Type multiple issues
Affected 75.0-1
Fixed 76.0-1
Current 80.0.1-1 [extra]
Ticket None
Created Tue May 5 17:16:55 2020
Issue Severity Remote Type Description
CVE-2020-12396 High Yes Arbitrary code execution
Several memory safety bugs have been found in Firefox before 76.0. Some of these bugs showed evidence of memory corruption and Mozilla presumes that with...
CVE-2020-12395 Critical Yes Arbitrary code execution
Several memory safety bugs has been found in Firefox before 76.0, Firefox ESR before 68.8 and Thunderbird before 68.8.0. Some of these bugs showed evidence...
CVE-2020-12394 Low Yes Content spoofing
A logic flaw has been found in the location bar implementation of Firefox before 76.0, and could have allowed a local attacker to spoof the current location...
CVE-2020-12392 Medium Yes Content spoofing
The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP POST data of a request in Firefox before 76.0 and Thunderbird before...
CVE-2020-12391 Medium Yes Arbitrary code execution
Documents formed using data: URLs in an object element failed to inherit the CSP of the creating context in Firefox before 76.0. This allowed the execution...
CVE-2020-12390 Medium Yes Insufficient validation
An incorrect origin serialization of URLs with IPv6 addresses issue has been found in Firefox before 76.0, and could lead to incorrect security checks.
CVE-2020-12387 Critical Yes Arbitrary code execution
A race condition has been found in Firefox before 76.0 and Thunderbird before 68.8.0, when running shutdown code for Web Worker, leading to a use-after-free...
CVE-2020-6831 High Yes Arbitrary code execution
A buffer overflow could occur when parsing and validating SCTP chunks in WebRTC, in Firefox before 76.0, Thunderbird before 68.8.0 and chromium before...
Date Advisory Package Description
06 May 2020 ASA-202005-3 firefox multiple issues