ISN 2020-04: Firefox ESR Various Vulnerabilities
Announced 9 June 2020
Score: Critical
Two security issues rated critical and one rated high affect the Firefox ESR web browser on:
IGEL OS 11
IGEL OS 10
IGEL Linux 5
Details
A race condition when running shutdown code for a Web Worker led to a use-after-free vulnerability, resulting in a potentially exploitable crash (CVE-2020-12387). Additionally, memory safety bugs have been reported in Firefox ESR 68.7. Some of these bugs showed evidence of memory corruption, and Mozilla presumes that with enough effort some of them could have been exploited to run arbitrary code (CVE-2020-12395). Furthermore, a buffer overflow could occur when parsing and validating SCTP chunks in WebRTC, which could have led to memory corruption and a potentially exploitable crash (CVE-2020-6831).