Security
Security
A use-after-free in Mozilla Firefox might allow remote attacker(s) to execute arbitrary code.
| Package | www-client/firefox on all architectures |
|---|---|
| Affected versions | < 82.0.3 |
| Unaffected versions | >= 82.0.3 >= 78.4.1 |
| Package | www-client/firefox-bin on all architectures |
|---|---|
| Affected versions | < 78.4.1 |
| Unaffected versions | >= 82.0.3 >= 78.4.1 |
Mozilla Firefox is a popular open-source web browser from the Mozilla project.
Invalid assumptions when emitting the the MCallGetProperty opcode in the JavaScript JIT may result in a use-after-free condition.
A remote attacker could possibly execute arbitrary code with the privileges of the process, or cause a Denial of Service condition.
There is no known workaround at this time.
All Mozilla Firefox users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-client/firefox-82.0.3"
All Mozilla Firefox (bin) users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-78.4.1:0/esr78"
All Mozilla Firefox (ESR) users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-client/firefox-82.0.3"
All Mozilla Firefox (ESR) bin users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-78.4.1:0/esr78"
Release date
November 11, 2020
Latest revision
November 11, 2020: 1
Severity
normal
Exploitable
remote
Bugzilla entries