===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.0067
MFSA 2021-01 Security Vulnerabilities fixed in Firefox 84.0.2, Firefox for
                  Android 84.1.3, and Firefox ESR 78.6.1
                              7 January 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Firefox
                   Firefox ESR
Publisher:         Mozilla
Operating System:  Windows
                   UNIX variants (UNIX, Linux, OSX)
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Denial of Service               -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-16044  

Original Bulletin: 
   https://www.mozilla.org/en-US/security/advisories/mfsa2021-01/

--------------------------BEGIN INCLUDED TEXT--------------------

Mozilla Foundation Security Advisory 2021-01

Security Vulnerabilities fixed in Firefox 84.0.2, Firefox for Android 84.1.3,
and Firefox ESR 78.6.1

Announced: January  6, 2021
Impact:    critical
Products:  Firefox, Firefox ESR, Firefox for Android
Fixed in:  Firefox 84.0.2
           Firefox ESR 78.6.1
           Firefox for Android 84.1.3

# CVE-2020-16044: Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk

Reporter: Ned Williamson
Impact:   critical

Description

A malicious peer could have modified a COOKIE-ECHO chunk in an SCTP packet in a
way that potentially resulted in a use-after-free. We presume that with enough
effort it could have been exploited to run arbitrary code.

References

  o Bug 1683964

--------------------------END INCLUDED TEXT--------------------
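
Added example (not part of the AusCERT or Mozilla text): a Python triage check
that compares inventory entries against the "Fixed in" versions listed above.
The product keys, the "host,product,version" line format and the host names
are assumptions constructed for illustration.

```python
import re

# Fixed versions as listed in the advisory's "Fixed in" field.
# The dictionary keys are hypothetical inventory labels, not Mozilla names.
FIXED = {
    "firefox": (84, 0, 2),
    "firefox-esr": (78, 6, 1),
    "firefox-android": (84, 1, 3),
}

def parse_version(text):
    """Turn '78.6.0esr' or '84.0' into a 3-tuple of ints; None if unparseable."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?(?:esr)?", text.strip().lower())
    if not m:
        return None
    return tuple(int(p) if p else 0 for p in m.groups())

def status(product, version):
    """Return 'fixed', 'needs-update' or 'unknown' for one inventory entry."""
    fixed = FIXED.get(product.strip().lower())
    parsed = parse_version(version)
    if fixed is None or parsed is None:
        return "unknown"  # never report an unparseable entry as fixed
    return "fixed" if parsed >= fixed else "needs-update"

def triage(inventory_text):
    """Map each 'host,product,version' line to (host, status)."""
    results = []
    for line in inventory_text.strip().splitlines():
        host, product, version = (f.strip() for f in line.split(","))
        results.append((host, status(product, version)))
    return results

# Constructed sample inventory (hypothetical hosts, not from the bulletin).
SAMPLE = """
ws-01,firefox,84.0.1
ws-02,firefox,84.0.2
ws-03,firefox-esr,78.6.0esr
ws-04,firefox-esr,78.6.1esr
ph-01,firefox-android,84.1.2
ws-05,firefox,84.0b9
"""

if __name__ == "__main__":
    for host, result in triage(SAMPLE):
        print(f"{host}: {result}")
```

Entries reported as "unknown" (pre-release builds, unrecognised products) need
manual review rather than being counted as patched.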

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================