mozilla
/
foundation-security-advisories
зеркало из https://github.com/mozilla/foundation-security-advisories.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Add FPVI&SCSB disclosure for Firefox ESR 78.9 and Firefox 87

This commit is contained in:
Frederik Braun 2021-06-08 09:48:23 +02:00 коммит произвёл Tom Ritter
Родитель 69c7798b88
Коммит a9fb0002be
2 изменённых файлов: 19 добавлений и 1 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

10
announce/2021/mfsa2021-10.yml
Просмотреть файл

@ -5,8 +5,16 @@ fixed_in:
- Firefox 87
title: Security Vulnerabilities fixed in Firefox 87
description: |
<b>Note</b>: This advisory was updated May 3, 2021 to include CVE-2021-29951 which was also fixed in this release.
<b>Note</b>: This advisory was updated May 3, 2021 to include CVE-2021-29951 and again on June 8, 2021 to include CVE-2021-29955 - both were also fixed in this release.
advisories:
CVE-2021-29955:
title: Transient Execution Vulnerability allowed leaking arbitrary memory address
impact: high
reporter: Hany Ragab, Enrico Barberis, Herbert Bos, and Cristiano Giuffrida from the VUSec group at VU Amsterdam
description: |
A transient execution vulnerability, named Floating Point Value Injection (FPVI) allowed an attacker to leak arbitrary memory addresses and may have also enabled JIT type confusion attacks. (A related vulnerability, Speculative Code Store Bypass (SCSB), did not affect Firefox.)
bugs:
- url: 1692972
CVE-2021-23981:
title: Texture upload into an unbound backing buffer resulted in an out-of-bound read
impact: high

10
announce/2021/mfsa2021-11.yml
Просмотреть файл

@ -4,7 +4,17 @@ impact: high
fixed_in:
- Firefox ESR 78.9
title: Security Vulnerabilities fixed in Firefox ESR 78.9
description: |
<b>Note</b>: This advisory was updated June 8, 2021 to include CVE-2021-29955 which was also fixed in this release.
advisories:
CVE-2021-29955:
title: Transient Execution Vulnerability allowed leaking arbitrary memory address
impact: high
reporter: Hany Ragab, Enrico Barberis, Herbert Bos, and Cristiano Giuffrida from the VUSec group at VU Amsterdam
description: |
A transient execution vulnerability, named Floating Point Value Injection (FPVI) allowed an attacker to leak arbitrary memory addresses and may have also enabled JIT type confusion attacks. (A related vulnerability, Speculative Code Store Bypass (SCSB), did not affect Firefox.)
bugs:
- url: 1692972
CVE-2021-23981:
title: Texture upload into an unbound backing buffer resulted in an out-of-bound read
impact: high