#14548: seamonkey-2.53.6
-------------------------+-----------------------
Reporter: renodr | Owner: renodr
Type: enhancement | Status: assigned
Priority: highest | Milestone: 10.1
Component: BOOK | Version: SVN
Severity: normal | Resolution:
Keywords: |
-------------------------+-----------------------
Changes (by renodr):
* priority: high => highest
Comment:
{{{
What's New in SeaMonkey 2.53.6
SeaMonkey 2.53.6 contains (among other changes) the following major
changes relative to SeaMonkey 2.53.5.1:
Improve usability of multiple mailboxes/folders selectionbug 1600103.
Add Greek localisation (el).
Remove more RDF from mailnews code.
Switch to mozilla as topsrcdir and component for building is
comm/suite now.
Rust support is now up to 1.48 and official build is now using 1.47.0
Various security and general platform fixes.
SeaMonkey 2.53.6 contains (among other changes) the following major
changes relative to SeaMonkey 2.49.5:
The Bookmarks Manager has switched its name to Library, and now also
includes the History list. When invoking History, the Library will be
shown with the History list selected. The extensive modifications were
needed because of Mozilla Gecko platform API changes.
Download Manager has been migrated to a new API. Although it looks
pretty much the same as before, the search option is missing and some
other minor details work differently. The previous downloads history is
removed during the upgrade.
The layout panel was added to the CSS Grid tools.
TLS 1.3 is the default SSL version now.
The only NPAPI plugin which will work with SeaMonkey 2.53.6 is Flash.
Support for other NPAPI plugins like Java and Silverlight has been
removed. For displaying pdf files in the browser you can use pdf.js-
seamonkey from Isaac Schemm.
SeaMonkey now uses a new api for formatting regional data like time
and date. Default is to use the application locale of the current
SeaMonkey build. If you use a language pack or a different OS formatting
this is usually not desired. You can change the formatting from the
application locale to the regional settings locale (OS) in the preferences
dialog under "Appearance".
SeaMonkey 2.53.6 uses the same backend as Firefox and contains the
relevant Firefox 60.8 security fixes.
SeaMonkey 2.53.6 shares most parts of the mail and news code with
Thunderbird. Please read the Thunderbird 60.0 release notes for specific
changes and security fixes in this release.
Additional important security fixes up to Current Firefox 78.6 ESR and a
few enhancements have been backported. We will continue to enhance
SeaMonkey security in subsequent 2.53.x beta and release versions as fast
as we are able to.
}}}
Ken, it's worth noting that this should be compatible with rust-1.48.0
should we need to upgrade anytime soon
On that note, it's time for some security fixes. The previous version of
seamonkey, 2.53.5.1, included fixes from Firefox and Thunderbird
78.4.0esr.
'''Security fixes from Firefox-78.4.1esr:'''
{{{
CVE-2020-26950: Write side effects in MCallGetProperty opcode not
accounted for
Reporter
360政企安全漏洞研究院 in Tianfu Cup 2020 International Cybersecurity
Contest
Impact
critical
Description
In certain circumstances, the MCallGetProperty opcode can be emitted with
unmet assumptions resulting in an exploitable use-after-free condition.
References
Bug 1675905
}}}
'''Security fixes from Firefox-78.5.0esr:'''
{{{
#CVE-2020-26951: Parsing mismatches could confuse and bypass security
sanitizer for chrome privileged code
Reporter
Irvan Kurniawan (@sourc7)
Impact
high
Description
A parsing and event loading mismatch in Firefox's SVG code could have
allowed load events to fire, even after sanitization. An attacker already
capable of exploiting an XSS vulnerability in privileged internal pages
could have used this attack to bypass our built-in sanitizer.
References
Bug 1667113
#CVE-2020-16012: Variable time processing of cross-origin images during
drawImage calls
Reporter
Aleksejs Popovs
Impact
moderate
Description
When drawing a transparent image on top of an unknown cross-origin image,
the Skia library drawImage function took a variable amount of time
depending on the content of the underlying image. This resulted in
potential cross-origin information exposure of image content through
timing side-channel attacks.
References
Bug 1642028
#CVE-2020-26953: Fullscreen could be enabled without displaying the
security UI
Reporter
Abdulrahman Alqabandi of Microsoft Browser Vulnerability Research
Impact
moderate
Description
It was possible to cause the browser to enter fullscreen mode without
displaying the security UI; thus making it possible to attempt a phishing
attack or otherwise confuse the user.
References
Bug 1656741
#CVE-2020-26956: XSS through paste (manual and clipboard API)
Reporter
Irvan Kurniawan (@sourc7)
Impact
moderate
Description
In some cases, removing HTML elements during sanitization would keep
existing SVG event handlers and therefore lead to XSS.
References
Bug 1666300
#CVE-2020-26958: Requests intercepted through ServiceWorkers lacked MIME
type restrictions
Reporter
Moti Harmats
Impact
moderate
Description
Firefox did not block execution of scripts with incorrect MIME types when
the response was intercepted and cached through a ServiceWorker. This
could lead to a cross-site script inclusion vulnerability, or a Content
Security Policy bypass.
References
Bug 1669355
#CVE-2020-26959: Use-after-free in WebRequestService
Reporter
Bharadwaj Machiraju
Impact
moderate
Description
During browser shutdown, reference decrementing could have occured on a
previously freed object, resulting in a use-after-free, memory corruption,
and a potentially exploitable crash.
References
Bug 1669466
#CVE-2020-26960: Potential use-after-free in uses of nsTArray
Reporter
Zijie Zhao
Impact
moderate
Description
If the Compact() method was called on an nsTArray, the array could have
been reallocated without updating other pointers, leading to a potential
use-after-free and exploitable crash.
References
Bug 1670358
#CVE-2020-15999: Heap buffer overflow in freetype
Reporter
Sergei Glazunov of Google Project Zero
Impact
moderate
Description
In Freetype, if PNG images were embedded into fonts, the Load_SBit_Png
function contained an integer overflow that led to a heap buffer overflow,
memory corruption, and an exploitable crash.
Note: While Project Zero did discover instances of this vulnerability
being exploited in the wild against Chrome, in Firefox this vulnerability
is only triggerable if a rarely-used, hidden preference is toggled, and
only affected Linux and Android operating systems. Other operating systems
are unaffected; and Linux and Android are unaffected in the default
configuration.
References
Bug 1672223
#CVE-2020-26961: DoH did not filter IPv4 mapped IP Addresses
Reporter
Gabriel Corona
Impact
moderate
Description
When DNS over HTTPS is in use, it intentionally filters RFC1918 and
related IP ranges from the responses as these do not make sense coming
from a DoH resolver. However when an IPv4 address was mapped through IPv6,
these addresses were erroneously let through, leading to a potential DNS
Rebinding attack.
References
Bug 1672528
#CVE-2020-26965: Software keyboards may have remembered typed passwords
Reporter
Makoto Kato
Impact
low
Description
Some websites have a feature "Show Password" where clicking a button will
change a password field into a textbook field, revealing the typed
password. If, when using a software keyboard that remembers user input, a
user typed their password and used that feature, the type of the password
field was changed, resulting in a keyboard layout change and the
possibility for the software keyboard to remember the typed password.
References
Bug 1661617
#CVE-2020-26966: Single-word search queries were also broadcast to local
network
Reporter
tiebuchen
Impact
low
Description
Searching for a single word from the address bar caused an mDNS request to
be sent on the local network searching for a hostname consisting of that
string; resulting in an information leak.
Note: This issue only affected Windows operating systems. Other operating
systems are unaffected.
References
Bug 1663571
#CVE-2020-26968: Memory safety bugs fixed in Firefox 83 and Firefox ESR
78.5
Reporter
Mozilla developers and community
Impact
high
Description
Mozilla developers Steve Fink, Jason Kratzer, Randell Jesup, Christian
Holler, and Byron Campen reported memory safety bugs present in Firefox 82
and Firefox ESR 78.4. Some of these bugs showed evidence of memory
corruption and we presume that with enough effort some of these could have
been exploited to run arbitrary code.
References
Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5
}}}
'''Security fixes from Firefox-78.6.0esr (NOTE: 78.6.1esr SCTP fix doesn't
seem to be included :-( ):'''
{{{
#CVE-2020-16042: Operations on a BigInt could have caused uninitialized
memory to be exposed
Reporter
André Bargull
Impact
critical
Description
When a BigInt was right-shifted the backing store was not properly
cleared, allowing uninitialized memory to be read.
References
Bug 1679003
#CVE-2020-26971: Heap buffer overflow in WebGL
Reporter
Omair, Abraruddin Khan
Impact
high
Description
Certain blit values provided by the user were not properly constrained
leading to a heap buffer overflow on some video drivers.
References
Bug 1663466
#CVE-2020-26973: CSS Sanitizer performed incorrect sanitization
Reporter
Kai Engert
Impact
high
Description
Certain input to the CSS Sanitizer confused it, resulting in incorrect
components being removed. This could have been used as a sanitizer bypass.
References
Bug 1680084
#CVE-2020-26974: Incorrect cast of StyleGenericFlexBasis resulted in a
heap use-after-free
Reporter
Pham Bao of VinCSS (Member of Vingroup)
Impact
high
Description
When flex-basis was used on a table wrapper, a StyleGenericFlexBasis
object could have been incorrectly cast to the wrong type. This resulted
in a heap user-after-free, memory corruption, and a potentially
exploitable crash.
References
Bug 1681022
#CVE-2020-26978: Internal network hosts could have been probed by a
malicious webpage
Reporter
Samy Kamkar, Ben Seri, and Gregory Vishnepolsky
Impact
moderate
Description
Using techniques that built on the slipstream research, a malicious
webpage could have exposed both an internal network's hosts as well as
services running on the user's local machine.
References
Bug 1677047
#CVE-2020-35111: The proxy.onRequest API did not catch view-source URLs
Reporter
Yassine Tioual
Impact
low
Description
When an extension with the proxy permission registered to receive
<all_urls>, the proxy.onRequest callback was not triggered for view-source
URLs. While web content cannot navigate to such URLs, a user opening View
Source could have inadvertently leaked their IP address.
References
Bug 1657916
#CVE-2020-35112: Opening an extension-less download may have inadvertently
launched an executable instead
Reporter
Samuel Attard via the Chrome Security Team
Impact
low
Description
If a user downloaded a file lacking an extension on Windows, and then
"Open"-ed it from the downloads panel, if there was an executable file in
the downloads directory with the same name but with an executable
extension (such as .bat or .exe) that executable would have been launched
instead.
Note: This issue only affected Windows operating systems. Other operating
systems are unaffected.
References
Bug 1661365
#CVE-2020-35113: Memory safety bugs fixed in Firefox 84 and Firefox ESR
78.6
Reporter
Christian Holler
Impact
high
Description
Mozilla developer Christian Holler reported memory safety bugs present in
Firefox 83 and Firefox ESR 78.5. Some of these bugs showed evidence of
memory corruption and we presume that with enough effort some of these
could have been exploited to run arbitrary code.
References
Memory safety bugs fixed in Firefox 84 and Firefox ESR 78.6
}}}
Thunderbird's SMTP 0day has been included in this as well:
{{{
#CVE-2020-26970: Stack overflow due to incorrect parsing of SMTP server
response codes
Reporter
Chiaki Ishikawa
Impact
high
Description
When reading SMTP server status codes, Thunderbird writes an integer value
to a position on the stack that is intended to contain just one byte.
Depending on processor architecture and stack layout, this leads to stack
corruption that may be exploitable.
References
Bug 1677338
}}}
--
Ticket URL: <http://wiki.linuxfromscratch.org/blfs/ticket/14548#comment:2>
BLFS Trac <http://wiki.linuxfromscratch.org/blfs>
Beyond Linux From Scratch
--
http://lists.linuxfromscratch.org/listinfo/blfs-book
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
