Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2020-0427)

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.1.10.2020.0427

Category: Mageia Linux Local Security Checks

Title: Mageia: Security Advisory (MGASA-2020-0427)

Summary: The remote host is missing an update for the 'firefox, firefox-l10n, nss' package(s) announced via the MGASA-2020-0427 advisory.

Description: Summary:
The remote host is missing an update for the 'firefox, firefox-l10n, nss' package(s) announced via the MGASA-2020-0427 advisory.

Vulnerability Insight:
When drawing a transparent image on top of an unknown cross-origin image, the
Skia library drawImage function took a variable amount of time depending on
the content of the underlying image. This resulted in potential cross-origin
information exposure of image content through timing side-channel attacks
(CVE-2020-16012).

A parsing and event loading mismatch in Firefox's SVG code could have allowed
load events to fire, even after sanitization. An attacker already capable of
exploiting an XSS vulnerability in privileged internal pages could have used
this attack to bypass our built-in sanitizer (CVE-2020-26951).

It was possible to cause the browser to enter fullscreen mode without
displaying the security UI, thus making it possible to attempt a phishing
attack or otherwise confuse the user (CVE-2020-26953).

In some cases, removing HTML elements during sanitization would keep existing
SVG event handlers and therefore lead to XSS (CVE-2020-26956).

Firefox did not block execution of scripts with incorrect MIME types when the
response was intercepted and cached through a ServiceWorker. This could lead
to a cross-site script inclusion vulnerability, or a Content Security Policy
bypass (CVE-2020-26958).

During browser shutdown, reference decrementing could have occurred on a
previously freed object, resulting in a use-after-free in WebRequestService,
memory corruption, and a potentially exploitable crash (CVE-2020-26959).

If the Compact() method was called on an nsTArray, the array could have been
reallocated without updating other pointers, leading to a potential
use-after-free and exploitable crash (CVE-2020-26960).

When DNS over HTTPS is in use, it intentionally filters RFC1918 and related IP
ranges from the responses as these do not make sense coming from a DoH
resolver. However when an IPv4 address was mapped through IPv6, these
addresses were erroneously let through, leading to a potential DNS Rebinding
attack (CVE-2020-26961).

Some websites have a feature 'Show Password' where clicking a button will
change a password field into a textbook field, revealing the typed password.
If, when using a software keyboard that remembers user input, a user typed
their password and used that feature, the type of the password field was
changed, resulting in a keyboard layout change and the possibility for the
software keyboard to remember the typed password (CVE-2020-26965).

Mozilla developers Steve Fink, Jason Kratzer, Randell Jesup, Christian Holler,
and Byron Campen reported memory safety bugs present in Firefox ESR 78.4. Some
of these bugs showed evidence of memory corruption and we presume that with
enough effort some of these could have been exploited to run arbitrary code
(CVE-2020-26968).

Affected Software/OS:
'firefox, firefox-l10n, nss' package(s) on Mageia 7.

Solution:
Please install the updated package(s).

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2020-16012
https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop_17.html
https://crbug.com/1088224
Common Vulnerability Exposure (CVE) ID: CVE-2020-26951
https://www.mozilla.org/security/advisories/mfsa2020-50/
https://www.mozilla.org/security/advisories/mfsa2020-51/
https://www.mozilla.org/security/advisories/mfsa2020-52/
https://bugzilla.mozilla.org/show_bug.cgi?id=1667113
Common Vulnerability Exposure (CVE) ID: CVE-2020-26953
https://bugzilla.mozilla.org/show_bug.cgi?id=1656741
Common Vulnerability Exposure (CVE) ID: CVE-2020-26956
https://bugzilla.mozilla.org/show_bug.cgi?id=1666300
Common Vulnerability Exposure (CVE) ID: CVE-2020-26958
https://bugzilla.mozilla.org/show_bug.cgi?id=1669355
Common Vulnerability Exposure (CVE) ID: CVE-2020-26959
https://bugzilla.mozilla.org/show_bug.cgi?id=1669466
Common Vulnerability Exposure (CVE) ID: CVE-2020-26960
https://bugzilla.mozilla.org/show_bug.cgi?id=1670358
Common Vulnerability Exposure (CVE) ID: CVE-2020-26961
https://bugzilla.mozilla.org/show_bug.cgi?id=1672528
Common Vulnerability Exposure (CVE) ID: CVE-2020-26965
https://bugzilla.mozilla.org/show_bug.cgi?id=1661617
Common Vulnerability Exposure (CVE) ID: CVE-2020-26968
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1551615%2C1607762%2C1656697%2C1657739%2C1660236%2C1667912%2C1671479%2C1671923

Copyright Copyright (C) 2022 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.1.10.2020.0427
Category:	Mageia Linux Local Security Checks
Title:	Mageia: Security Advisory (MGASA-2020-0427)
Summary:	The remote host is missing an update for the 'firefox, firefox-l10n, nss' package(s) announced via the MGASA-2020-0427 advisory.
Description:	Summary: The remote host is missing an update for the 'firefox, firefox-l10n, nss' package(s) announced via the MGASA-2020-0427 advisory. Vulnerability Insight: When drawing a transparent image on top of an unknown cross-origin image, the Skia library drawImage function took a variable amount of time depending on the content of the underlying image. This resulted in potential cross-origin information exposure of image content through timing side-channel attacks (CVE-2020-16012). A parsing and event loading mismatch in Firefox's SVG code could have allowed load events to fire, even after sanitization. An attacker already capable of exploiting an XSS vulnerability in privileged internal pages could have used this attack to bypass our built-in sanitizer (CVE-2020-26951). It was possible to cause the browser to enter fullscreen mode without displaying the security UI, thus making it possible to attempt a phishing attack or otherwise confuse the user (CVE-2020-26953). In some cases, removing HTML elements during sanitization would keep existing SVG event handlers and therefore lead to XSS (CVE-2020-26956). Firefox did not block execution of scripts with incorrect MIME types when the response was intercepted and cached through a ServiceWorker. This could lead to a cross-site script inclusion vulnerability, or a Content Security Policy bypass (CVE-2020-26958). During browser shutdown, reference decrementing could have occurred on a previously freed object, resulting in a use-after-free in WebRequestService, memory corruption, and a potentially exploitable crash (CVE-2020-26959). If the Compact() method was called on an nsTArray, the array could have been reallocated without updating other pointers, leading to a potential use-after-free and exploitable crash (CVE-2020-26960). When DNS over HTTPS is in use, it intentionally filters RFC1918 and related IP ranges from the responses as these do not make sense coming from a DoH resolver. However when an IPv4 address was mapped through IPv6, these addresses were erroneously let through, leading to a potential DNS Rebinding attack (CVE-2020-26961). Some websites have a feature 'Show Password' where clicking a button will change a password field into a textbook field, revealing the typed password. If, when using a software keyboard that remembers user input, a user typed their password and used that feature, the type of the password field was changed, resulting in a keyboard layout change and the possibility for the software keyboard to remember the typed password (CVE-2020-26965). Mozilla developers Steve Fink, Jason Kratzer, Randell Jesup, Christian Holler, and Byron Campen reported memory safety bugs present in Firefox ESR 78.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code (CVE-2020-26968). Affected Software/OS: 'firefox, firefox-l10n, nss' package(s) on Mageia 7. Solution: Please install the updated package(s). CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2020-16012 https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop_17.html https://crbug.com/1088224 Common Vulnerability Exposure (CVE) ID: CVE-2020-26951 https://www.mozilla.org/security/advisories/mfsa2020-50/ https://www.mozilla.org/security/advisories/mfsa2020-51/ https://www.mozilla.org/security/advisories/mfsa2020-52/ https://bugzilla.mozilla.org/show_bug.cgi?id=1667113 Common Vulnerability Exposure (CVE) ID: CVE-2020-26953 https://bugzilla.mozilla.org/show_bug.cgi?id=1656741 Common Vulnerability Exposure (CVE) ID: CVE-2020-26956 https://bugzilla.mozilla.org/show_bug.cgi?id=1666300 Common Vulnerability Exposure (CVE) ID: CVE-2020-26958 https://bugzilla.mozilla.org/show_bug.cgi?id=1669355 Common Vulnerability Exposure (CVE) ID: CVE-2020-26959 https://bugzilla.mozilla.org/show_bug.cgi?id=1669466 Common Vulnerability Exposure (CVE) ID: CVE-2020-26960 https://bugzilla.mozilla.org/show_bug.cgi?id=1670358 Common Vulnerability Exposure (CVE) ID: CVE-2020-26961 https://bugzilla.mozilla.org/show_bug.cgi?id=1672528 Common Vulnerability Exposure (CVE) ID: CVE-2020-26965 https://bugzilla.mozilla.org/show_bug.cgi?id=1661617 Common Vulnerability Exposure (CVE) ID: CVE-2020-26968 https://bugzilla.mozilla.org/buglist.cgi?bug_id=1551615%2C1607762%2C1656697%2C1657739%2C1660236%2C1667912%2C1671479%2C1671923
Copyright	Copyright (C) 2022 Greenbone AG