Mozilla Firefox: Remote code execution

Mozilla Firefox: Remote code execution A use-after-free in Mozilla Firefox's SCTP handling may allow remote code execution. firefox,thunderbird 2021-01-10 2021-01-10 764161 remote 78.6.1 84.0.2 84.0.2 78.6.1 84.0.2 84.0.2

Mozilla Firefox is a popular open-source web browser from the Mozilla project.

A use-after-free bug was discovered in Mozilla Firefox’s handling of SCTP.

A remote attacker could possibly execute arbitrary code with the privileges of the process, or cause a Denial of Service condition.

There is no known workaround at this time.

All Firefox ESR users should upgrade to the latest version:


      # emerge --sync
      # emerge --ask --oneshot --verbose
      ">=www-client/firefox-78.6.1:0/esr78"

All Firefox ESR binary users should upgrade to the latest version:


      # emerge --sync
      # emerge --ask --oneshot --verbose
      ">=www-client/firefox-bin-78.6.1:0/esr78"

All Firefox users should upgrade to the latest version:


      # emerge --sync
      # emerge --ask --oneshot --verbose ">=www-client/firefox-84.0.2"

All Firefox binary users should upgrade to the latest version:


      # emerge --sync
      # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-84.0.2"

CVE-2020-16044 MFSA-2021-01 sam_c sam_c