http://bugzilla.opensuse.org/show_bug.cgi?id=1180623 Bug ID: 1180623 Summary: VUL-0: CVE-2020-16044: MozillaFirefox: Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk (MFSA 2021-01) Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.2 Hardware: Other OS: Other Status: NEW Severity: Major Priority: P5 - None Component: Security Assignee: cgrobertson@suse.com Reporter: Andreas.Stieger@gmx.de QA Contact: qa-bugs@suse.de CC: mozilla-bugs@suse.de, security-team@suse.de, wolfgang@rosenauer.org Found By: Corporate Interoperability Test Blocker: --- A malicious peer could have modified a COOKIE-ECHO chunk in a SCTP packet in a way that potentially resulted in a use-after-free. We presume that with enough effort it could have been exploited to run arbitrary code. Fixed in Firefox 84.0.2, Firefox ESR 78.6.1 References: https://www.mozilla.org/en-US/security/advisories/mfsa2021-01/ https://bugzilla.mozilla.org/show_bug.cgi?id=1683964 https://www.mozilla.org/en-US/firefox/84.0.2/releasenotes/ https://www.mozilla.org/en-US/firefox/78.6.1/releasenotes/ -- You are receiving this mail because: You are on the CC list for the bug.