Mozilla Firefox: Remote code execution

Mozilla Firefox: Remote code execution A use-after-free in Mozilla Firefox might allow remote attacker(s) to execute arbitrary code. firefox 2020-11-11 2020-11-11 753773 remote 82.0.3 78.4.1 82.0.3 82.0.3 78.4.1 78.4.1

Mozilla Firefox is a popular open-source web browser from the Mozilla project.

Invalid assumptions when emitting the the MCallGetProperty opcode in the JavaScript JIT may result in a use-after-free condition.

A remote attacker could possibly execute arbitrary code with the privileges of the process, or cause a Denial of Service condition.

There is no known workaround at this time.

All Mozilla Firefox users should upgrade to the latest version:


      # emerge --sync
      # emerge --ask --oneshot --verbose ">=www-client/firefox-82.0.3"

All Mozilla Firefox (bin) users should upgrade to the latest version:


      # emerge --sync
      # emerge --ask --oneshot --verbose
      ">=www-client/firefox-bin-78.4.1:0/esr78"

All Mozilla Firefox (ESR) users should upgrade to the latest version:


      # emerge --sync
      # emerge --ask --oneshot --verbose ">=www-client/firefox-82.0.3"

All Mozilla Firefox (ESR) bin users should upgrade to the latest version:


      # emerge --sync
      # emerge --ask --oneshot --verbose
      ">=www-client/firefox-bin-78.4.1:0/esr78"

CVE-2020-26950 MFSA-2020-49 sam_c sam_c