Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
957436bf by Salvatore Bonaccorso at 2020-08-26T07:58:02+02:00
Add new firefox issues from mfsa2020-36

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -18308,20 +18308,34 @@ CVE-2020-15671
        RESERVED
 CVE-2020-15670
        RESERVED
+       - firefox 80.0-1
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-15670
 CVE-2020-15669
        RESERVED
 CVE-2020-15668
        RESERVED
+       - firefox 80.0-1
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-15668
 CVE-2020-15667
        RESERVED
+       - firefox 80.0-1
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-15667
 CVE-2020-15666
        RESERVED
+       - firefox 80.0-1
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-15666
 CVE-2020-15665
        RESERVED
+       - firefox 80.0-1
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-15665
 CVE-2020-15664
        RESERVED
+       - firefox 80.0-1
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-15664
 CVE-2020-15663
        RESERVED
+       - firefox <not-affected> (Only affects Windows)
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-15663
 CVE-2020-15662 (A rogue webpage could override the injected WKUserScript used 
by the d ...)
        - firefox <not-affected> (Specific to Firefox for iOS)
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-34/#CVE-2020-15662
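Review bot: CVE-2020-15669 is left as a bare RESERVED entry while its neighbours CVE-2020-15663 to CVE-2020-15668 and CVE-2020-15670 each gain a firefox line and an mfsa2020-36 NOTE. Please confirm the gap is deliberate (the CVE is not part of mfsa2020-36) rather than an omitted entry. The six fixed entries list only the firefox source package; if any of them also apply to firefox-esr or thunderbird, those packages need their own lines, otherwise their status stays unrecorded for these CVEs. The `<not-affected> (Only affects Windows)` annotation on CVE-2020-15663 follows the same form as the existing CVE-2020-15662 entry and reads fine.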
@@ -26696,19 +26710,23 @@ CVE-2020-12402 (During RSA key generation, bignum 
implementations used a variati
        NOTE: Fixed upstream in 3.53.1
 CVE-2020-12401 [ECDSA timing attack mitigation bypass]
        RESERVED
+       - firefox 80.0-1
        - nss 2:3.55-1
        [buster] - nss <no-dsa> (Minor issue)
        NOTE: 
https://hg.mozilla.org/projects/nss/rev/aeb2e583ee957a699d949009c7ba37af76515c20
        NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1631573 (private)
        NOTE: 
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.55_release_notes
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-12401
 CVE-2020-12400 [P-384 and P-521 implementation uses a side-channel vulnerable 
modular inversion function]
        RESERVED
+       - firefox 80.0-1
        - nss 2:3.55-1
        [buster] - nss <no-dsa> (Minor issue)
        NOTE: 
https://hg.mozilla.org/projects/nss/rev/e55ab3145546ae3cf1333b43956a974675d2d25c
        NOTE: 
https://hg.mozilla.org/projects/nss/rev/3f022d5eca5d3cd0e366a825a5681953d76299d0
        NOTE: 
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.55_release_notes
        NOTE: Issue relates to CVE-2020-6829 and resolved in the same commits.
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-12400
 CVE-2020-12399 (NSS has shown timing differences when performing DSA 
signatures, which ...)
        {DSA-4726-1 DSA-4702-1 DSA-4695-1 DLA-2266-1 DLA-2247-1 DLA-2243-1}
        - firefox 77.0-1
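Review bot: the new `- firefox 80.0-1` lines on CVE-2020-12401 and CVE-2020-12400 sit next to `- nss 2:3.55-1` with no NOTE explaining why firefox is tracked separately from nss for an NSS-level flaw. A one-line NOTE stating the basis (for example, that the firefox package carries its own NSS copy, if that is the reason) would keep the two fixed versions from being read as redundant and later removed. The nss line has a `[buster] ... <no-dsa>` annotation and firefox has none; if firefox is only relevant to unstable that is fine, but it is not evident from the entry itself.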
@@ -41973,12 +41991,14 @@ CVE-2020-6830 (For native-to-JS bridging, the app 
requires a unique token to be
        - firefox <not-affected> (Firefox on iOS)
 CVE-2020-6829 [Side channel attack on ECDSA signature generation]
        RESERVED
+       - firefox 80.0-1
        - nss 2:3.55-1
        [buster] - nss <no-dsa> (Minor issue)
        NOTE: 
https://hg.mozilla.org/projects/nss/rev/e55ab3145546ae3cf1333b43956a974675d2d25c
        NOTE: 
https://hg.mozilla.org/projects/nss/rev/3f022d5eca5d3cd0e366a825a5681953d76299d0
        NOTE: 
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.55_release_notes
        NOTE: Issue relates to CVE-2020-12400 and resolved in the same commits.
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-6829
 CVE-2020-6828 (A malicious Android application could craft an Intent that 
would have  ...)
        - firefox-esr <not-affected> (Android-specific)
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-13/#CVE-2020-6828
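Review bot: the CVE-2020-6829 entry gains `- firefox 80.0-1` but no firefox-esr line, although the trailing context (CVE-2020-6828) shows firefox-esr being tracked as a separate package in this file. Since the existing NOTE ties this issue to CVE-2020-12400 as "resolved in the same commits", the firefox and firefox-esr status of the two entries should be kept identical; please either add the firefox-esr status to both or note why it does not apply.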



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/957436bf653b04cf87a8bc7887bf85a9f793c038
