Hello, Thanks for the report. This issue was addressed in https://ubuntu.com/security/notices/USN-4687-1 .
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-16044

** Information type changed from Private Security to Public Security

--
You received this bug notification because you are a member of Desktop Packages, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/1910518

Title:
  Mozilla Firefox / Firefox ESR Arbitrary Code Execution Vulnerability; ThreatCon 5

Status in firefox package in Ubuntu:
  New

Bug description:
  A vulnerability has been reported in Mozilla Firefox and Mozilla Firefox ESR, which can be exploited by malicious people to compromise a vulnerable system.

  A use-after-free error when handling a COOKIE-ECHO chunk can be exploited to execute arbitrary code via a specially crafted SCTP packet.

  The vulnerability is reported in Mozilla Firefox versions prior to 84.0.2 and in Mozilla Firefox ESR versions prior to 78.6.1.

  Affected Software

  The following software is affected by the described vulnerability. Please check the vendor links below to see if exactly your version is affected.

  Mozilla Firefox 78.x
  Mozilla Firefox 84.x

  Solution

  Update to a fixed version.

  Mozilla Firefox: Update to version 84.0.2.
  Mozilla Firefox ESR: Update to version 78.6.1.

  References

  https://www.mozilla.org/en-US/security/advisories/mfsa2021-01

  Ubuntu 18 is affected: last version is 84.0.1+build1-0ubuntu0.18.04.1

