AVG-1213 log

Package firefox
Status Fixed
Severity High
Type multiple issues
Affected 78.0.2-1
Fixed 79.0-1
Current 131.0.3-1 [extra]
Ticket None
Created Fri Jul 31 15:14:59 2020
Issue Severity Remote Type Description
CVE-2020-15659 High Yes Arbitrary code execution
Mozilla developers and community members reported memory safety bugs present in Firefox 78 and Firefox ESR 78.0. Some of these bugs showed evidence of...
CVE-2020-15658 Low Yes Content spoofing
The code for downloading files did not properly take care of special characters, which led to an attacker being able to cut off the file ending at an...
CVE-2020-15656 High Yes Denial of service
JIT optimizations involving the Javascript arguments object could confuse later optimizations. This risk was already mitigated by various precautions in the...
CVE-2020-15655 High Yes Information disclosure
A redirected HTTP request which is observed or modified through a web extension could bypass existing CORS checks, leading to potential disclosure of...
CVE-2020-15654 Low Yes Denial of service
When in an endless loop, a website specifying a custom cursor using CSS could make it look like the user is interacting with the user interface, when they...
CVE-2020-15653 Medium Yes Authentication bypass
An iframe sandbox element with the allow-popups flag could be bypassed when using noopener links. This could have led to security issues for websites...
CVE-2020-15652 High Yes Information disclosure
By observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a cross-origin redirect. This applied only to...
CVE-2020-6514 High Yes Arbitrary code execution
Inappropriate implementation in WebRTC.
CVE-2020-6463 High Yes Arbitrary code execution
Use after free in ANGLE in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
References
https://www.mozilla.org/en-US/security/advisories/mfsa2020-30/