AVG-1173 log

Package firefox
Status Fixed
Severity High
Type multiple issues
Affected 76.0.1-1
Fixed 77.0-1
Current 80.0.1-1 [extra]
Ticket None
Created Tue Jun 2 21:22:07 2020
Issue Severity Remote Type Description
CVE-2020-12411 High Yes Arbitrary code execution
Mozilla developers :Gijs (he/him), Randell Jesup reported memory safety bugs present in Firefox 76. Some of these bugs showed evidence of memory corruption...
CVE-2020-12410 High Yes Arbitrary code execution
Mozilla developers Tom Tung and Karl Tomlinson reported memory safety bugs present in Firefox 76, Firefox ESR 68.8 and Thunderbird before 68.9.0. Some of...
CVE-2020-12409 Low Yes Content spoofing
When using certain blank characters in a URL, they where incorrectly rendered as spaces instead of an encoded URL.
CVE-2020-12408 Low Yes Content spoofing
When browsing a document hosted on an IP address, an attacker could insert certain characters to flip domain and path information in the address bar.
CVE-2020-12407 Medium Yes Denial of service
Mozilla Developer Nicolas Silva found that when using WebRender, Firefox would under certain conditions leak arbitrary GPU memory to the visible screen. The...
CVE-2020-12406 High Yes Arbitrary code execution
Mozilla Developer Iain Ireland discovered a missing type check in Firefox before 77.0 and Thunderbird before 68.9.0 during unboxed objects removal,...
CVE-2020-12405 High Yes Denial of service
When browsing a malicious page in Firefox before 77.0 and Thunderbird before 68.9.0, a race condition in our SharedWorkerService could occur and lead to a...
CVE-2020-12399 High Yes Private key recovery
NSS before 3.52.1, as used in Firefox before 77.0 and Thunderbird before 68.9.0, has shown timing differences when performing DSA signatures, which was...
Date Advisory Package Description
02 Jun 2020 ASA-202006-1 firefox multiple issues
References
https://www.mozilla.org/en-US/security/advisories/mfsa2020-20/