{"id":"MGASA-2020-0090","summary":"Updated firefox packages fix security vulnerabilities","details":"Updated firefox packages fix security vulnerabilities:\n\nDue to a missing bounds check on shared memory read in the parent process, a\ncontent process could have modified shared memory relating to crash reporting\ninformation, crash itself, and cause an out-of-bound write. This could have\ncaused memory corruption and a potentially exploitable crash (CVE-2020-6796).\n\nIf a \u003ctemplate\u003e tag was used in a \u003cselect\u003e tag, the parser could be confused\nand allow JavaScript parsing and execution when it should not be allowed. A\nsite that relied on the browser behaving correctly could suffer a cross-site\nscripting vulnerability as a result (CVE-2020-6798).\n\nMemory safety bugs present in Firefox ESR 68.4. Some of these bugs showed\nevidence of memory corruption and presumably some of these could have been\nexploited to run arbitrary code (CVE-2020-6800).\n\nAlso, nspr has been updated to 4.25 and nss to 3.50.0\n","modified":"2026-04-16T04:40:40.494648209Z","published":"2020-02-18T14:05:53Z","upstream":["CVE-2020-6796","CVE-2020-6798","CVE-2020-6800"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2020-0090.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=26181"},{"type":"WEB","url":"https://groups.google.com/forum/#!topic/mozilla.dev.tech.nspr/lK7toqtJ96E"},{"type":"WEB","url":"https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.50_release_notes"},{"type":"ADVISORY","url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-06/"}],"affected":[{"package":{"name":"nspr","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/nspr?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.25-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2020-0090.json"}},{"package":{"name":"nss","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/nss?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.50.0-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2020-0090.json"}},{"package":{"name":"firefox","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/firefox?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"68.5.0-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2020-0090.json"}},{"package":{"name":"firefox-l10n","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/firefox-l10n?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"68.5.0-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2020-0090.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}