====================================================================

                             CERT-Renater

                 Note d'Information No. 2021/VULN006
_____________________________________________________________________

DATE                : 11/01/2021

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Firefox versions prior to 84.0.2,
                            for Android 84.1.3, ESR 78.6.1.

=====================================================================
https://www.mozilla.org/en-US/security/advisories/mfsa2021-01/
_____________________________________________________________________


Mozilla Foundation Security Advisory 2021-01
Security Vulnerabilities fixed in Firefox 84.0.2, Firefox for Android
84.1.3, and Firefox ESR 78.6.1

Announced          January 6, 2021
Impact             critical
Products           Firefox, Firefox ESR, Firefox for Android
Fixed in
        Firefox 84.0.2
        Firefox ESR 78.6.1
        Firefox for Android 84.1.3


#CVE-2020-16044: Use-after-free write when handling a malicious
COOKIE-ECHO SCTP chunk

Reporter           Ned Williamson
Impact            critical

Description

A malicious peer could have modified a COOKIE-ECHO chunk in a SCTP
packet in a way that potentially resulted in a use-after-free. We
presume that with enough effort it could have been exploited to run
arbitrary code.


References

    Bug 1683964


=========================================================
+ CERT-RENATER       |    tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel   |    fax : 01-53-94-20-41          +
+ 75013 Paris        |    email:cert@support.renater.fr +
=========================================================