[Git][security-tracker-team/security-tracker][master] Add new firefox issues from mfsa2020-36
Salvatore Bonaccorso
carnil at debian.org
Wed Aug 26 06:58:31 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
957436bf by Salvatore Bonaccorso at 2020-08-26T07:58:02+02:00
Add new firefox issues from mfsa2020-36
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -18308,20 +18308,34 @@ CVE-2020-15671
RESERVED
CVE-2020-15670
RESERVED
+ - firefox 80.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-15670
CVE-2020-15669
RESERVED
CVE-2020-15668
RESERVED
+ - firefox 80.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-15668
CVE-2020-15667
RESERVED
+ - firefox 80.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-15667
CVE-2020-15666
RESERVED
+ - firefox 80.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-15666
CVE-2020-15665
RESERVED
+ - firefox 80.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-15665
CVE-2020-15664
RESERVED
+ - firefox 80.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-15664
CVE-2020-15663
RESERVED
+ - firefox <not-affected> (Only affects Windows)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-15663
CVE-2020-15662 (A rogue webpage could override the injected WKUserScript used by the d ...)
- firefox <not-affected> (Specific to Firefox for iOS)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-34/#CVE-2020-15662
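Review bot: CVE-2020-15669 is the only ID in the CVE-2020-15663 to CVE-2020-15670 run that stays at bare RESERVED, with no package line and no NOTE, so a reader of this hunk cannot tell whether it was left out on purpose or missed. If it is not covered by mfsa2020-36 the entry is fine as it stands; if it is, it needs the same `- firefox` line and advisory NOTE as its neighbours. The `<not-affected> (Only affects Windows)` wording on CVE-2020-15663 matches the existing CVE-2020-15662 entry and reads well.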
@@ -26696,19 +26710,23 @@ CVE-2020-12402 (During RSA key generation, bignum implementations used a variati
NOTE: Fixed upstream in 3.53.1
CVE-2020-12401 [ECDSA timing attack mitigation bypass]
RESERVED
+ - firefox 80.0-1
- nss 2:3.55-1
[buster] - nss <no-dsa> (Minor issue)
NOTE: https://hg.mozilla.org/projects/nss/rev/aeb2e583ee957a699d949009c7ba37af76515c20
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1631573 (private)
NOTE: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.55_release_notes
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-12401
CVE-2020-12400 [P-384 and P-521 implementation uses a side-channel vulnerable modular inversion function]
RESERVED
+ - firefox 80.0-1
- nss 2:3.55-1
[buster] - nss <no-dsa> (Minor issue)
NOTE: https://hg.mozilla.org/projects/nss/rev/e55ab3145546ae3cf1333b43956a974675d2d25c
NOTE: https://hg.mozilla.org/projects/nss/rev/3f022d5eca5d3cd0e366a825a5681953d76299d0
NOTE: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.55_release_notes
NOTE: Issue relates to CVE-2020-6829 and resolved in the same commits.
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-12400
CVE-2020-12399 (NSS has shown timing differences when performing DSA signatures, which ...)
{DSA-4726-1 DSA-4702-1 DSA-4695-1 DLA-2266-1 DLA-2247-1 DLA-2243-1}
- firefox 77.0-1
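Review bot: In both CVE-2020-12401 and CVE-2020-12400 the new `- firefox 80.0-1` line sits directly above `- nss 2:3.55-1`, and nothing in the entry says why firefox is tracked separately for an issue whose fix commits are all in the NSS repository. A one-line NOTE stating whether the firefox package ships its own copy of the affected NSS code would make it clear that the 80.0-1 fixed version stands independently of the nss upload, and would help whoever later triages the `[buster] - nss <no-dsa>` line decide whether firefox in buster needs the same treatment.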
@@ -41973,12 +41991,14 @@ CVE-2020-6830 (For native-to-JS bridging, the app requires a unique token to be
- firefox <not-affected> (Firefox on iOS)
CVE-2020-6829 [Side channel attack on ECDSA signature generation]
RESERVED
+ - firefox 80.0-1
- nss 2:3.55-1
[buster] - nss <no-dsa> (Minor issue)
NOTE: https://hg.mozilla.org/projects/nss/rev/e55ab3145546ae3cf1333b43956a974675d2d25c
NOTE: https://hg.mozilla.org/projects/nss/rev/3f022d5eca5d3cd0e366a825a5681953d76299d0
NOTE: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.55_release_notes
NOTE: Issue relates to CVE-2020-12400 and resolved in the same commits.
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-6829
CVE-2020-6828 (A malicious Android application could craft an Intent that would have ...)
- firefox-esr <not-affected> (Android-specific)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-13/#CVE-2020-6828
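Review bot: The CVE-2020-6829 entry gains only `- firefox 80.0-1`, while the adjacent CVE-2020-6828 entry shows that firefox-esr is tracked as its own source package in this file. Consider adding a firefox-esr line (or a TODO to check it) so that its status for this ECDSA side channel is not left implicit. The same applies to the cross-referenced CVE-2020-12400 entry, since the existing NOTE says both are resolved in the same commits.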
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/957436bf653b04cf87a8bc7887bf85a9f793c038