===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.0067
MFSA 2021-01 Security Vulnerabilities fixed in Firefox 84.0.2,
Firefox for Android 84.1.3, and Firefox ESR 78.6.1
7 January 2021

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           Firefox
                   Firefox ESR
Publisher:         Mozilla
Operating System:  Windows
                   UNIX variants (UNIX, Linux, OSX)
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Denial of Service               -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-16044

Original Bulletin:
   https://www.mozilla.org/en-US/security/advisories/mfsa2021-01/

--------------------------BEGIN INCLUDED TEXT--------------------

Mozilla Foundation Security Advisory 2021-01

Security Vulnerabilities fixed in Firefox 84.0.2, Firefox for Android 84.1.3,
and Firefox ESR 78.6.1

Announced: January 6, 2021
Impact:    critical
Products:  Firefox, Firefox ESR, Firefox for Android
Fixed in:  Firefox 84.0.2
           Firefox ESR 78.6.1
           Firefox for Android 84.1.3

# CVE-2020-16044: Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk

Reporter: Ned Williamson
Impact:   critical

Description

A malicious peer could have modified a COOKIE-ECHO chunk in a SCTP packet in a
way that potentially resulted in a use-after-free. We presume that with enough
effort it could have been exploited to run arbitrary code.

References

  o Bug 1683964

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If you do
not know who that is, please send an email to auscert@auscert.org.au and we
will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may not
be updated when updates to the original are made. If downloading at a later
date, it is recommended that the bulletin is retrieved directly from the
author's website to ensure that the information is still current.

Contact information for the authors of the original document is included in
the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
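
A fleet check against the "Fixed in" versions listed above, as an added example that is not part of the AusCERT bulletin or the Mozilla advisory. It assumes version strings in the form printed by `firefox --version` (for example "Mozilla Firefox 78.6.0esr"). The product keys, function names and inventory rows are constructed for illustration, and "unfixed" only means the build predates the first fixed version, since the advisory does not list affected ranges.

```python
import re

# First versions carrying the fix, from the advisory's "Fixed in" list.
FIXED_IN = {
    "firefox": (84, 0, 2),
    "firefox-esr": (78, 6, 1),
    "firefox-android": (84, 1, 3),
}

# A dotted version with an optional "esr" suffix, standing alone as a token so
# that pre-release strings such as "85.0b4" are rejected instead of truncated.
_VERSION = re.compile(r"(?<![\w.])(\d+)\.(\d+)(?:\.(\d+))?(esr)?(?![\w.])")


def parse_version(text):
    """Return ((major, minor, patch), is_esr), or None if no clean version."""
    m = _VERSION.search(text)
    if m is None:
        return None
    numbers = tuple(int(part or 0) for part in m.group(1, 2, 3))
    return numbers, m.group(4) is not None


def fix_status(version_text, product=None):
    """Return "fixed", "unfixed" (below the first fixed version) or "unknown"."""
    # product is a FIXED_IN key (assumed naming); if omitted, the "esr" suffix
    # picks the channel. Android builds must be named explicitly.
    parsed = parse_version(version_text)
    if parsed is None:
        return "unknown"
    numbers, is_esr = parsed
    product = product or ("firefox-esr" if is_esr else "firefox")
    if product not in FIXED_IN:
        return "unknown"
    return "fixed" if numbers >= FIXED_IN[product] else "unfixed"


# Constructed inventory rows (host, reported version string), not real data.
SAMPLE_INVENTORY = [
    ("ws-01", "Mozilla Firefox 84.0.1"),
    ("ws-02", "Mozilla Firefox 84.0.2"),
    ("ws-03", "Mozilla Firefox 78.6.0esr"),
    ("ws-04", "Mozilla Firefox 78.6.1esr"),
    ("ws-05", "Mozilla Firefox 85.0b4"),
]

if __name__ == "__main__":
    for host, reported in SAMPLE_INVENTORY:
        print(f"{host}\t{reported}\t{fix_status(reported)}")
```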