{"id":"MGASA-2020-0318","summary":"Updated firefox packages fix security vulnerability","details":"WebRTC used the memory address of a class instance as a connection identifier.\nUnfortunately, this value is often transmitted to the peer, which\nallows bypassing ASLR (CVE-2020-6514).\n\nCrafted media files could lead to a race in texture caches, resulting in a\nuse-after-free in ANGLE gl::Texture::onUnbindAsSamplerTexture, memory\ncorruption, and a potentially exploitable crash (CVE-2020-6463).\n\nBy observing the stack trace for JavaScript errors in web workers, it was\npossible to leak the result of a cross-origin redirect. This applied only to\ncontent that can be parsed as script (CVE-2020-15652).\n\nMozilla developers Jason Kratzer and Luke Wagner reported memory safety bugs\npresent in Firefox 78 and Firefox ESR 68.10. Some of these bugs showed evidence\nof memory corruption and we presume that with enough effort some of these could\nhave been exploited to run arbitrary code (CVE-2020-15659).\n\nUsing the EM side-channel, it is possible to extract the position of zero and\nnon-zero wNAF digits while nss-certutil tool performs scalar multiplication\nduring the ECDSA signature generation, leaking partial information about the\nECDSA nonce. Given a small number of ECDSA signatures, this information can be\nused to steal the private key. The highest threat from this vulnerability is to\ndata confidentiality (CVE-2020-6829).\n\nA side channel flaw was found in the way P-384 and P-521 curses are used in\ngeneration EDSA signatures, leaking partial information about the ECDSA nonce.\nGiven a small number of ECDSA signatures, this information can be used to steal\nthe private key. The highest threat from this vulnerability is to data\nconfidentiality (CVE-2020-12400).\n\nUsing the EM side-channel, it is possible to extract the position of zero and\nnon-zero wNAF digits while nss-certutil tool performs scalar multiplication\nduring the ECDSA signature generation, leaking partial information about the\nECDSA nonce. Given a small number of ECDSA signatures, this information can be\nused to steal the private key. The highest threat from this vulnerability is to\ndata confidentiality (CVE-2020-12401).\n\nMulti-part ChaCha20 was not functioning correctly and tag length was not\nstrictly enforced (CVE-2020-12403).\n","modified":"2026-04-16T04:40:46.024393271Z","published":"2020-08-18T17:41:27Z","upstream":["CVE-2020-12400","CVE-2020-12401","CVE-2020-12403","CVE-2020-15652","CVE-2020-15659","CVE-2020-6463","CVE-2020-6514","CVE-2020-6829"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2020-0318.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=27011"},{"type":"WEB","url":"https://groups.google.com/forum/#!topic/mozilla.dev.tech.nspr/3626XG8mLJw"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1826187"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1853983"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1851294"},{"type":"ADVISORY","url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-31/"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-4455-1"}],"affected":[{"package":{"name":"firefox","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/firefox?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"68.11.0-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2020-0318.json"}},{"package":{"name":"firefox-l10n","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/firefox-l10n?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"68.11.0-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2020-0318.json"}},{"package":{"name":"nspr","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/nspr?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.27-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2020-0318.json"}},{"package":{"name":"nss","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/nss?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.52.1-1.2.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2020-0318.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}