[GLSA-202101-04] Mozilla Firefox: Remote code execution
A use-after-free in Mozilla Firefox's SCTP handling may allow remote code execution.
Background
Mozilla Firefox is a popular open-source web browser from the Mozilla
project.
Description
A use-after-free bug was discovered in Mozilla Firefox’s handling of
SCTP.
Impact
A remote attacker could possibly execute arbitrary code with the
privileges of the process, or cause a Denial of Service condition.
Workaround
There is no known workaround at this time.
Resolution
All Firefox ESR users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose
">=www-client/firefox-78.6.1:0/esr78"
All Firefox ESR binary users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose
">=www-client/firefox-bin-78.6.1:0/esr78"
All Firefox users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/firefox-84.0.2"
All Firefox binary users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/firefox-bin-84.0.2"
| Package | Affected Version |
|---|---|
 pkg:ebuild/www-client/firefox?distro=gentoo
|
< 84.0.2 |
|
pkg:ebuild/www-client/firefox-bin?distro=gentoo
|
< 84.0.2 |
| Package | Unaffected Version |
|---|---|
|
pkg:ebuild/www-client/firefox?distro=gentoo
|
>= 78.6.1 |
|
pkg:ebuild/www-client/firefox?distro=gentoo
|
>= 84.0.2 |
|
pkg:ebuild/www-client/firefox-bin?distro=gentoo
|
>= 78.6.1 |
|
pkg:ebuild/www-client/firefox-bin?distro=gentoo
|
>= 84.0.2 |
- ID
- GLSA-202101-04
- Severity
- normal
- URL
- https://security.gentoo.org/glsa/202101-04
- Published
-
2021-01-10T00:00:00
(3 years ago) - Modified
-
2021-01-10T00:00:00
(3 years ago) - Rights
- Gentoo Foundation, Inc.
- Other Advisories
-
-
ALAS2-2021-1594
-
ALPINE:CVE-2020-16044
-
ASA-202101-17
-
ASA-202101-5
-
ASA-202102-4
-
ASA-202102-5
-
DSA-4827-1
-
DSA-4842-1
-
DSA-4846-1
-
ELSA-2021-0052
-
ELSA-2021-0053
-
ELSA-2021-0087
-
ELSA-2021-0089
-
FEDORA-2021-48866282e5
-
FEDORA-2021-b7cc24375b
-
FREEBSD:4ED0E43C-5CEF-11EB-BAFD-3065EC8FD3EC
-
GLSA-202101-13
-
GLSA-202101-14
-
MFSA-2021-01
-
MFSA-2021-02
-
MS:CVE-2020-16044
-
openSUSE-SU-2021:0056-1
-
openSUSE-SU-2021:0063-1
-
openSUSE-SU-2021:0093-1
-
openSUSE-SU-2021:0127-1
-
openSUSE-SU-2021:0166-1
-
openSUSE-SU-2021:0173-1
-
openSUSE-SU-2021:0177-1
-
openSUSE-SU-2021:0186-1
-
openSUSE-SU-2021:0973-1
-
openSUSE-SU-2021:1016-1
-
RHSA-2021:0052
-
RHSA-2021:0053
-
RHSA-2021:0087
-
RHSA-2021:0089
-
SUSE-SU-2021:0071-1
-
SUSE-SU-2021:0072-1
-
SUSE-SU-2021:0080-1
-
SUSE-SU-2021:0122-1
-
SUSE-SU-2021:0123-1
-
USN-4687-1
-
USN-4701-1
-
| Source | # ID | Name | URL |
|---|---|---|---|
| CVE | CVE-2020-16044 | CVE-2020-16044 |
|
| Vendor | MFSA-2021-01 |
|
|
| Bugzilla | 764161 | Bugzilla #764161 |
|
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:ebuild/www-client/firefox?distro=gentoo | www-client |
firefox
|
< 84.0.2 | gentoo | ||
| Unaffected | pkg:ebuild/www-client/firefox?distro=gentoo | www-client |
firefox
|
>= 78.6.1 | gentoo | ||
| Unaffected | pkg:ebuild/www-client/firefox?distro=gentoo | www-client |
firefox
|
>= 84.0.2 | gentoo | ||
| Affected | pkg:ebuild/www-client/firefox-bin?distro=gentoo | www-client |
firefox-bin
|
< 84.0.2 | gentoo | ||
| Unaffected | pkg:ebuild/www-client/firefox-bin?distro=gentoo | www-client |
firefox-bin
|
>= 78.6.1 | gentoo | ||
| Unaffected | pkg:ebuild/www-client/firefox-bin?distro=gentoo | www-client |
firefox-bin
|
>= 84.0.2 | gentoo |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |