Hello there,
it looks like Firefox in the /e/ apps store is outdated again.
The current version downloadable in the store is 68.8.1 (updated on 2020-05-20).
The most recent version from Mozilla is: 68.9.0 (released 2020-06-02)
The version in Google Play is: 68.9.0 (available in the Play Store since 2020-06-02)
The version available from APKpure is: 68.9.0 (available since 2020-06-09)
So the following security issues are open for /e/ users who downloaded and use Firefox 68.8.1 from the /e/ apps store:
#CVE-2020-12399: Timing attack on DSA signatures in NSS library
Reporter: Cesar Pereida Garcia and the Network and Information Security Group (NISEC) at Tampere University
Impact: high
Description: NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys.
References: Bug 1631576
#CVE-2020-12405: Use-after-free in SharedWorkerService
Reporter: Marcin ‘Icewall’ Noga of Cisco Talos
Impact: high
Description: When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash.
References: Bug 1631618
#CVE-2020-12406: JavaScript Type confusion with NativeTypes
Reporter: Iain Ireland
Impact: high
Description: Mozilla developer Iain Ireland discovered a missing type check during unboxed objects removal, resulting in a crash. We presume that with enough effort it could be exploited to run arbitrary code.
References: Bug 1639590
#CVE-2020-12410: Memory safety bugs fixed in Firefox 77 and Firefox ESR 68.9
Reporter: Mozilla developers
Impact: high
Description: Mozilla developers Tom Tung and Karl Tomlinson reported memory safety bugs present in Firefox 76 and Firefox ESR 68.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
References: Memory safety bugs fixed in Firefox 77 and Firefox ESR 68.9
@Manoj can you please keep an eye on this? Thank you very much!
Regards