When a malicious application installed on the user's device broadcast an Intent to Firefox for Android, arbitrary headers could have been specified, leading to attacks such as abusing ambient authority or session fixation. This was resolved by only allowing certain safe-listed headers. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.* This vulnerability affects Firefox < 84.
{"ubuntucve": [{"lastseen": "2023-12-02T14:11:57", "description": "When a malicious application installed on the user's device broadcast an\nIntent to Firefox for Android, arbitrary headers could have been specified,\nleading to attacks such as abusing ambient authority or session fixation.\nThis was resolved by only allowing certain safe-listed headers. *Note: This\nissue only affected Firefox for Android. Other operating systems are\nunaffected.*. This vulnerability affects Firefox < 84.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-01-07T00:00:00", "type": "ubuntucve", "title": "CVE-2020-26975", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-26975"], "modified": "2021-01-07T00:00:00", "id": "UB:CVE-2020-26975", "href": "https://ubuntu.com/security/CVE-2020-26975", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "cve": [{"lastseen": "2023-12-02T16:03:56", "description": "When a malicious application installed on the user's device broadcast an Intent to Firefox for Android, arbitrary headers could have been specified, leading to attacks such as abusing ambient 
authority or session fixation. This was resolved by only allowing certain safe-listed headers. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 84.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-01-07T14:15:00", "type": "cve", "title": "CVE-2020-26975", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-26975"], "modified": "2021-01-12T15:38:00", "cpe": [], "id": "CVE-2020-26975", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26975", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": []}], "prion": [{"lastseen": "2023-11-22T01:32:56", "description": "When a malicious application installed on the user's device broadcast an Intent to Firefox for Android, arbitrary headers could have been specified, leading to attacks such as abusing ambient authority or session fixation. This was resolved by only allowing certain safe-listed headers. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. 
This vulnerability affects Firefox < 84.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-01-07T14:15:00", "type": "prion", "title": "Session fixation", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-26975"], "modified": "2021-01-12T15:38:00", "id": "PRION:CVE-2020-26975", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2020-26975", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "debiancve": [{"lastseen": "2023-12-02T18:24:24", "description": "When a malicious application installed on the user's device broadcast an Intent to Firefox for Android, arbitrary headers could have been specified, leading to attacks such as abusing ambient authority or session fixation. This was resolved by only allowing certain safe-listed headers. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. 
This vulnerability affects Firefox < 84.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-01-07T14:15:00", "type": "debiancve", "title": "CVE-2020-26975", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-26975"], "modified": "2021-01-07T14:15:00", "id": "DEBIANCVE:CVE-2020-26975", "href": "https://security-tracker.debian.org/tracker/CVE-2020-26975", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "veracode": [{"lastseen": "2022-07-26T16:47:19", "description": "firefox is vulnerable to session fixation. 
Firefox for Android allows a malicious application to broadcast a user's Intent with arbitrary headers, allowing attacks such as session fixation.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-01-07T16:32:42", "type": "veracode", "title": "Session Fixation", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-26975"], "modified": "2021-01-12T17:57:35", "id": "VERACODE:28911", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-28911/summary", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "nessus": [{"lastseen": "2023-05-18T15:25:58", "description": "The version of Firefox installed on the remote macOS or Mac OS X host is prior to 84.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-54 advisory. 
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-12-15T00:00:00", "type": "nessus", "title": "Mozilla Firefox < 84.0", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-16042", "CVE-2020-26971", "CVE-2020-26972", "CVE-2020-26973", "CVE-2020-26974", "CVE-2020-26975", "CVE-2020-26976", "CVE-2020-26977", "CVE-2020-26978", "CVE-2020-26979", "CVE-2020-35111", "CVE-2020-35112", "CVE-2020-35113", "CVE-2020-35114"], "modified": "2021-02-25T00:00:00", "cpe": ["cpe:/a:mozilla:firefox"], "id": "MACOS_FIREFOX_84_0.NASL", "href": "https://www.tenable.com/plugins/nessus/144283", "sourceData": "## \n# (C) Tenable Network Security, Inc.\n# \n# The descriptive text and package checks in this plugin were\n# extracted from Mozilla Foundation Security Advisory mfsa2020-54.\n# The text itself is copyright (C) Mozilla Foundation.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144283);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/25\");\n\n script_cve_id(\n \"CVE-2020-16042\",\n \"CVE-2020-26971\",\n \"CVE-2020-26972\",\n \"CVE-2020-26973\",\n \"CVE-2020-26974\",\n \"CVE-2020-26975\",\n \"CVE-2020-26976\",\n \"CVE-2020-26977\",\n \"CVE-2020-26978\",\n \"CVE-2020-26979\",\n \"CVE-2020-35111\",\n \"CVE-2020-35112\",\n \"CVE-2020-35113\",\n \"CVE-2020-35114\"\n );\n script_xref(name:\"MFSA\", value:\"2020-54\");\n script_xref(name:\"IAVA\", value:\"2020-A-0575-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0051-S\");\n\n script_name(english:\"Mozilla Firefox < 84.0\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote macOS or Mac OS X host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Firefox installed on the remote macOS or Mac OS X host is prior to 84.0. 
It is, therefore, affected by\nmultiple vulnerabilities as referenced in the mfsa2020-54 advisory. Note that Nessus has not tested for this issue but\nhas instead relied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Mozilla Firefox version 84.0 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-26972\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_firefox_installed.nasl\");\n script_require_keys(\"MacOSX/Firefox/Installed\");\n\n exit(0);\n}\n\ninclude('mozilla_version.inc');\n\nkb_base = 'MacOSX/Firefox';\nget_kb_item_or_exit(kb_base+'/Installed');\n\nversion = get_kb_item_or_exit(kb_base+'/Version', exit_code:1);\npath = get_kb_item_or_exit(kb_base+'/Path', exit_code:1);\n\nis_esr = get_kb_item(kb_base+'/is_esr');\nif (is_esr) exit(0, 'The Mozilla Firefox installation is in the ESR branch.');\n\nmozilla_check_version(version:version, path:path, product:'firefox', esr:FALSE, fix:'84.0', severity:SECURITY_HOLE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:26:37", "description": "The version of Firefox installed on the remote Windows host is prior to 84.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-54 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-12-15T00:00:00", "type": "nessus", "title": "Mozilla Firefox < 84.0", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-16042", "CVE-2020-26971", "CVE-2020-26972", "CVE-2020-26973", "CVE-2020-26974", "CVE-2020-26975", "CVE-2020-26976", "CVE-2020-26977", "CVE-2020-26978", "CVE-2020-26979", "CVE-2020-35111", "CVE-2020-35112", "CVE-2020-35113", "CVE-2020-35114"], "modified": "2021-02-25T00:00:00", "cpe": ["cpe:/a:mozilla:firefox"], "id": "MOZILLA_FIREFOX_84_0.NASL", "href": "https://www.tenable.com/plugins/nessus/144282", "sourceData": "## \n# (C) Tenable Network Security, Inc.\n# \n# The descriptive text and package checks in this plugin were\n# extracted from Mozilla Foundation Security Advisory mfsa2020-54.\n# The text itself is copyright (C) Mozilla Foundation.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144282);\n script_version(\"1.8\");\n 
script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/25\");\n\n script_cve_id(\n \"CVE-2020-16042\",\n \"CVE-2020-26971\",\n \"CVE-2020-26972\",\n \"CVE-2020-26973\",\n \"CVE-2020-26974\",\n \"CVE-2020-26975\",\n \"CVE-2020-26976\",\n \"CVE-2020-26977\",\n \"CVE-2020-26978\",\n \"CVE-2020-26979\",\n \"CVE-2020-35111\",\n \"CVE-2020-35112\",\n \"CVE-2020-35113\",\n \"CVE-2020-35114\"\n );\n script_xref(name:\"MFSA\", value:\"2020-54\");\n script_xref(name:\"IAVA\", value:\"2020-A-0575-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0051-S\");\n\n script_name(english:\"Mozilla Firefox < 84.0\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Firefox installed on the remote Windows host is prior to 84.0. It is, therefore, affected by multiple\nvulnerabilities as referenced in the mfsa2020-54 advisory. 
Note that Nessus has not tested for this issue but has\ninstead relied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Mozilla Firefox version 84.0 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-26972\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"Mozilla/Firefox/Version\");\n\n exit(0);\n}\n\ninclude('mozilla_version.inc');\n\nport = get_kb_item('SMB/transport');\nif (!port) port = 445;\n\ninstalls = get_kb_list('SMB/Mozilla/Firefox/*');\nif (isnull(installs)) audit(AUDIT_NOT_INST, 'Firefox');\n\nmozilla_check_version(installs:installs, product:'firefox', esr:FALSE, fix:'84.0', severity:SECURITY_HOLE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "mozilla": [{"lastseen": "2023-12-02T16:48:56", "description": "When a BigInt was right-shifted the backing store was not properly cleared, allowing uninitialized memory to be read.\nCertain blit values provided by the user were not properly constrained leading to a heap buffer overflow on some video drivers.\nThe lifecycle of IPC Actors allows managed actors to outlive their manager actors; and the former must ensure that they are not attempting to use a dead actor they have a reference to. Such a check was omitted in WebGL, resulting in a use-after-free and a potentially exploitable crash.\nCertain input to the CSS Sanitizer confused it, resulting in incorrect components being removed. This could have been used as a sanitizer bypass.\nWhen flex-basis was used on a table wrapper, a StyleGenericFlexBasis object could have been incorrectly cast to the wrong type. This resulted in a heap user-after-free, memory corruption, and a potentially exploitable crash.\nWhen a malicious application installed on the user's device broadcast an Intent to Firefox for Android, arbitrary headers could have been specified, leading to attacks such as abusing ambient authority or session fixation. This was resolved by only allowing certain safe-listed headers.Note: This issue only affected Firefox for Android. 
Other operating systems are unaffected.\nWhen an HTTPS page was embedded in an HTTP page, and there was a service worker registered for the former, the service worker could have intercepted the request for the secure page despite the iframe not being a secure context due to the (insecure) framing.\nBy attempting to connect a website using an unresponsive port, an attacker could have controlled the content of a tab while the URL bar displayed the original domain. Note: This issue only affects Firefox for Android. Other operating systems are unaffected.\nUsing techniques that built on the slipstream research, a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine.\nWhen a user typed a URL in the address bar or the search bar and quickly hit the enter key, a website could sometimes capture that event and then redirect the user before navigation occurred to the desired, entered address. To construct a convincing spoof the attacker would have had to guess what the user was typing, perhaps by suggesting it.\nWhen an extension with the proxy permission registered to receive <all_urls>, the proxy.onRequest callback was not triggered for view-source URLs. While web content cannot navigate to such URLs, a user opening View Source could have inadvertently leaked their IP address.\nIf a user downloaded a file lacking an extension on Windows, and then \"Open\"-ed it from the downloads panel, if there was an executable file in the downloads directory with the same name but with an executable extension (such as .bat or .exe) that executable would have been launched instead. Note: This issue only affected Windows operating systems. Other operating systems are unaffected.\nMozilla developer Christian Holler reported memory safety bugs present in Firefox 83 and Firefox ESR 78.5. 
Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.\nMozilla developers Christian Holler, Jan-Ivar Bruaroey, and Gabriele Svelto reported memory safety bugs present in Firefox 83. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-12-15T00:00:00", "type": "mozilla", "title": "Security Vulnerabilities fixed in Firefox 84 \u2014 Mozilla", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-16042", "CVE-2020-26971", "CVE-2020-26972", "CVE-2020-26973", "CVE-2020-26974", "CVE-2020-26975", "CVE-2020-26976", "CVE-2020-26977", "CVE-2020-26978", "CVE-2020-26979", "CVE-2020-35111", "CVE-2020-35112", "CVE-2020-35113", "CVE-2020-35114"], "modified": "2020-12-15T00:00:00", "id": "MFSA2020-54", "href": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "kaspersky": 
[{"lastseen": "2023-12-02T16:27:41", "description": "### *Detect date*:\n12/15/2020\n\n### *Severity*:\nWarning\n\n### *Description*:\nMultiple vulnerabilities were found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to obtain sensitive information, bypass security restrictions, spoof user interface, cause denial of service, execute arbitrary code.\n\n### *Affected products*:\nMozilla Firefox earlier than 84\n\n### *Solution*:\nUpdate to the latest version \n[Download Firefox](<https://www.mozilla.org/en-US/firefox/new/>)\n\n### *Original advisories*:\n[MFSA2020-54](<https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Mozilla Firefox](<https://threats.kaspersky.com/en/product/Mozilla-Firefox/>)\n\n### *CVE-IDS*:\n[CVE-2020-16042](<https://vulners.com/cve/CVE-2020-16042>)4.3Warning \n[CVE-2020-26975](<https://vulners.com/cve/CVE-2020-26975>)4.3Warning \n[CVE-2020-35111](<https://vulners.com/cve/CVE-2020-35111>)4.3Warning \n[CVE-2020-35112](<https://vulners.com/cve/CVE-2020-35112>)6.8High \n[CVE-2020-26976](<https://vulners.com/cve/CVE-2020-26976>)4.3Warning \n[CVE-2020-26977](<https://vulners.com/cve/CVE-2020-26977>)4.3Warning \n[CVE-2020-26974](<https://vulners.com/cve/CVE-2020-26974>)6.8High \n[CVE-2020-35114](<https://vulners.com/cve/CVE-2020-35114>)6.8High \n[CVE-2020-26972](<https://vulners.com/cve/CVE-2020-26972>)7.5Critical \n[CVE-2020-26971](<https://vulners.com/cve/CVE-2020-26971>)6.8High \n[CVE-2020-35113](<https://vulners.com/cve/CVE-2020-35113>)6.8High \n[CVE-2020-26979](<https://vulners.com/cve/CVE-2020-26979>)5.8High \n[CVE-2020-26978](<https://vulners.com/cve/CVE-2020-26978>)5.8High \n[CVE-2020-26973](<https://vulners.com/cve/CVE-2020-26973>)6.8High", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": 
"HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-12-15T00:00:00", "type": "kaspersky", "title": "KLA12029 Multiple vulnerabilities in Mozilla Firefox", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-16042", "CVE-2020-26971", "CVE-2020-26972", "CVE-2020-26973", "CVE-2020-26974", "CVE-2020-26975", "CVE-2020-26976", "CVE-2020-26977", "CVE-2020-26978", "CVE-2020-26979", "CVE-2020-35111", "CVE-2020-35112", "CVE-2020-35113", "CVE-2020-35114"], "modified": "2020-12-16T00:00:00", "id": "KLA12029", "href": "https://threats.kaspersky.com/en/vulnerability/KLA12029/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ibm": [{"lastseen": "2023-05-29T17:50:29", "description": "## Summary\n\nMultiple vulnerabilities in Mozilla Firefox affect IBM Cloud Pak for Multicloud Management Monitoring.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-23978](<https://vulners.com/cve/CVE-2021-23978>) \n** DESCRIPTION: **Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service. 
\nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/197286](<https://exchange.xforce.ibmcloud.com/vulnerabilities/197286>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-23968](<https://vulners.com/cve/CVE-2021-23968>) \n** DESCRIPTION: **Mozilla Firefox could allow a remote attacker to obtain sensitive information, caused by an error when the full destination of a redirect served in the frame was reported in the violation report. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to obtain the destination of a redirect. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/197288](<https://exchange.xforce.ibmcloud.com/vulnerabilities/197288>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2021-23969](<https://vulners.com/cve/CVE-2021-23969>) \n** DESCRIPTION: **Mozilla Firefox could allow a remote attacker to obtain sensitive information, caused by the failure to correctly set the source file to be the destination of the redirects when creating a violation report. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to obtain the destination of a redirect. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/197285](<https://exchange.xforce.ibmcloud.com/vulnerabilities/197285>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2021-23973](<https://vulners.com/cve/CVE-2021-23973>) \n** DESCRIPTION: **Mozilla Firefox could allow a remote attacker to obtain sensitive information, caused by an error when trying to load a cross-origin resource in an audio/video context. 
By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to obtain information about the resource. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/197295](<https://exchange.xforce.ibmcloud.com/vulnerabilities/197295>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2020-35111](<https://vulners.com/cve/CVE-2020-35111>) \n** DESCRIPTION: **Mozilla Firefox could allow a remote attacker to obtain sensitive information, caused by the failure to catch view-source URLs by the proxy.onRequest API. By persuading a victim to open View Source, a remote attacker could exploit this vulnerability to disclose their IP address. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/193228](<https://exchange.xforce.ibmcloud.com/vulnerabilities/193228>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2020-26976](<https://vulners.com/cve/CVE-2020-26976>) \n** DESCRIPTION: **Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by insecure framing. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to intercept HTTPS pages from a registered service worker. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/193224](<https://exchange.xforce.ibmcloud.com/vulnerabilities/193224>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2020-35114](<https://vulners.com/cve/CVE-2020-35114>) \n** DESCRIPTION: **Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. 
By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/193231](<https://exchange.xforce.ibmcloud.com/vulnerabilities/193231>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-26973](<https://vulners.com/cve/CVE-2020-26973>) \n** DESCRIPTION: **Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by the performance of incorrect sanitation by the CSS Sanitizer. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to remove incorrect components. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/193221](<https://exchange.xforce.ibmcloud.com/vulnerabilities/193221>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2020-26978](<https://vulners.com/cve/CVE-2020-26978>) \n** DESCRIPTION: **Mozilla Firefox could allow a remote attacker to obtain sensitive information, caused by the use of techniques built on the slipstream research. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to expose internal network's hosts as well as services running on the user's local machine. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/193226](<https://exchange.xforce.ibmcloud.com/vulnerabilities/193226>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2020-26972](<https://vulners.com/cve/CVE-2020-26972>) \n** DESCRIPTION: **Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in WebGL. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/193217](<https://exchange.xforce.ibmcloud.com/vulnerabilities/193217>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-26971](<https://vulners.com/cve/CVE-2020-26971>) \n** DESCRIPTION: **Mozilla Firefox is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by WebGL. By persuading a victim to visit a specially-crafted Web site, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the browser to crash. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/193220](<https://exchange.xforce.ibmcloud.com/vulnerabilities/193220>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-35112](<https://vulners.com/cve/CVE-2020-35112>) \n** DESCRIPTION: **Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by an error when opening an extension-less download. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to launch an executable and execute arbitrary code on the vulnerable system or cause a denial of service. 
\nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/193229](<https://exchange.xforce.ibmcloud.com/vulnerabilities/193229>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-35113](<https://vulners.com/cve/CVE-2020-35113>) \n** DESCRIPTION: **Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/193230](<https://exchange.xforce.ibmcloud.com/vulnerabilities/193230>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-26974](<https://vulners.com/cve/CVE-2020-26974>) \n** DESCRIPTION: **Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by a heap use-after-free when a StyleGenericFlexBasis object is incorrectly cast to the wrong type. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/193222](<https://exchange.xforce.ibmcloud.com/vulnerabilities/193222>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-26979](<https://vulners.com/cve/CVE-2020-26979>) \n** DESCRIPTION: **Mozilla Firefox could allow a remote attacker to conduct spoofing attacks, caused by an error when entering an address in the address or search bars. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the address bar. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/193227](<https://exchange.xforce.ibmcloud.com/vulnerabilities/193227>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2020-26975](<https://vulners.com/cve/CVE-2020-26975>) \n** DESCRIPTION: **Mozilla Firefox could allow a remote attacker to hijack a user&#39;s session, caused by an error related to the installation of malicious applications. By persuading a victim to visit a specially-crafted Web site, an attacker could exploit this vulnerability to gain access to another user&#39;s session. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/193223](<https://exchange.xforce.ibmcloud.com/vulnerabilities/193223>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2020-26977](<https://vulners.com/cve/CVE-2020-26977>) \n** DESCRIPTION: **Mozilla Firefox could allow a remote attacker to conduct spoofing attacks, caused by the use of an unresponsive port. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/193225](<https://exchange.xforce.ibmcloud.com/vulnerabilities/193225>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2021-23963](<https://vulners.com/cve/CVE-2021-23963>) \n** DESCRIPTION: **Mozilla Firefox could provide weaker than expected security, caused by the resetting of the webRTC sharing state in the user interface when sharing geolocation during an active WebRTC share. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to cause loss of control over the currently granted permission. \nCVSS Base score: 3.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/195651](<https://exchange.xforce.ibmcloud.com/vulnerabilities/195651>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-23954](<https://vulners.com/cve/CVE-2021-23954>) \n** DESCRIPTION: **Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by a type confusion when using logical assignment operators in JavaScript switch statements. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/195642](<https://exchange.xforce.ibmcloud.com/vulnerabilities/195642>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-23959](<https://vulners.com/cve/CVE-2021-23959>) \n** DESCRIPTION: **Mozilla Firefox for Android is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the internal error pages. 
A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim&#39;s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim&#39;s cookie-based authentication credentials. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/195647](<https://exchange.xforce.ibmcloud.com/vulnerabilities/195647>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2021-23955](<https://vulners.com/cve/CVE-2021-23955>) \n** DESCRIPTION: **Mozilla Firefox could allow a remote attacker to conduct clickjacking attack, caused by the misuse of requestPointerLock. By persuading a victim to visit a specially-crafted Web site, an attacker could exploit this vulnerability to hijack the clicking actions of another user. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/195643](<https://exchange.xforce.ibmcloud.com/vulnerabilities/195643>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2021-23956](<https://vulners.com/cve/CVE-2021-23956>) \n** DESCRIPTION: **Mozilla Firefox could allow a remote attacker to obtain sensitive information, caused by the use of an ambiguous file picker design. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to disclose a complete directory and obtain sensitive information. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/195644](<https://exchange.xforce.ibmcloud.com/vulnerabilities/195644>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2021-23960](<https://vulners.com/cve/CVE-2021-23960>) \n** DESCRIPTION: **Mozilla Firefox is vulnerable to a denial of service, caused by a use-after-poison when performing garbage collection on re-declared JavaScript variable. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to cause the browser to crash. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/195648](<https://exchange.xforce.ibmcloud.com/vulnerabilities/195648>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-23965](<https://vulners.com/cve/CVE-2021-23965>) \n** DESCRIPTION: **Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/195652](<https://exchange.xforce.ibmcloud.com/vulnerabilities/195652>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-23957](<https://vulners.com/cve/CVE-2021-23957>) \n** DESCRIPTION: **Mozilla Firefox for Android could allow a remote attacker to bypass security restrictions. By using the intent URL scheme, a remote attacker could exploit this vulnerability to bypass the iframe sandbox. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/195645](<https://exchange.xforce.ibmcloud.com/vulnerabilities/195645>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2021-23961](<https://vulners.com/cve/CVE-2021-23961>) \n** DESCRIPTION: **Mozilla Firefox could allow a remote attacker to obtain sensitive information, caused by an error when techniques built on the slipstream research are combined with a malicious webpage. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to expose both an internal network&#39;s hosts as well as services running on the user&#39;s local machine. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/195649](<https://exchange.xforce.ibmcloud.com/vulnerabilities/195649>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2021-23964](<https://vulners.com/cve/CVE-2021-23964>) \n** DESCRIPTION: **Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/195640](<https://exchange.xforce.ibmcloud.com/vulnerabilities/195640>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-23962](<https://vulners.com/cve/CVE-2021-23962>) \n** DESCRIPTION: **Mozilla Firefox is vulnerable to a denial of service, caused by a use-after-poison when incorrectly using the RowCountChanged method. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to cause the browser to crash. 
\nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/195650](<https://exchange.xforce.ibmcloud.com/vulnerabilities/195650>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-23953](<https://vulners.com/cve/CVE-2021-23953>) \n** DESCRIPTION: **Mozilla Firefox could allow a remote attacker to obtain sensitive information, caused by a cross-origin information leakage. By persuading a victim to open a specially-crafted PDF file, a remote attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/195641](<https://exchange.xforce.ibmcloud.com/vulnerabilities/195641>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2021-23958](<https://vulners.com/cve/CVE-2021-23958>) \n** DESCRIPTION: **Mozilla Firefox could allow a remote attacker to obtain sensitive information, caused by the transfer of a screen sharing state into another tab. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to obtain screen sharing permission. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/195646](<https://exchange.xforce.ibmcloud.com/vulnerabilities/195646>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2021-23987](<https://vulners.com/cve/CVE-2021-23987>) \n** DESCRIPTION: **Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. 
By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198593](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198593>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-23982](<https://vulners.com/cve/CVE-2021-23982>) \n** DESCRIPTION: **Mozilla Firefox could provide weaker than expected security when using techniques built on the slipstream research. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to probe internal network hosts. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198595](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198595>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2021-23981](<https://vulners.com/cve/CVE-2021-23981>) \n** DESCRIPTION: **Mozilla Firefox is vulnerable to a denial of service, caused by an out-of-bounds read when a texture upload of a Pixel Buffer Object confuses the WebGL code to skip binding the buffer used to unpack it. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to corrupt memory and cause the browser to crash. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198594](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198594>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-23984](<https://vulners.com/cve/CVE-2021-23984>) \n** DESCRIPTION: **Mozilla Firefox could allow a remote attacker to conduct spoofing attacks, caused by a malicious extension opening a popup window. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the Web site and attempt to trick the user into providing credentials. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198597](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198597>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2020-16044](<https://vulners.com/cve/CVE-2020-16044>) \n** DESCRIPTION: **Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code on the vulnerable system or cause a denial of service. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/194273](<https://exchange.xforce.ibmcloud.com/vulnerabilities/194273>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** Third Party Entry: **196306 \n** DESCRIPTION: **Mozilla Firefox is vulnerable to a buffer overflow, caused by improper bounds checking in depth pitch calculations for compressed textures. By persuading a victim to visit a specially-crafted Web site, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the browser to crash. 
\nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [https://exchange.xforce.ibmcloud.com/vulnerabilities/196306 ](<https://exchange.xforce.ibmcloud.com/vulnerabilities/196306>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Cloud Pak for Multicloud Management Monitoring| before 2.3 \n \n \n\n\n## Remediation/Fixes\n\nUpgrade to IBM Cloud Pak for Multicloud Management 2.3 by following the instructions in <https://www.ibm.com/docs/en/cloud-paks/cp-management/2.3.x?topic=installation-upgrade>\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-05-18T11:41:03", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in Mozilla Firefox affect IBM Cloud Pak for Multicloud Management Monitoring", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-16044", "CVE-2020-26971", "CVE-2020-26972", "CVE-2020-26973", "CVE-2020-26974", "CVE-2020-26975", "CVE-2020-26976", "CVE-2020-26977", "CVE-2020-26978", "CVE-2020-26979", 
"CVE-2020-35111", "CVE-2020-35112", "CVE-2020-35113", "CVE-2020-35114", "CVE-2021-23953", "CVE-2021-23954", "CVE-2021-23955", "CVE-2021-23956", "CVE-2021-23957", "CVE-2021-23958", "CVE-2021-23959", "CVE-2021-23960", "CVE-2021-23961", "CVE-2021-23962", "CVE-2021-23963", "CVE-2021-23964", "CVE-2021-23965", "CVE-2021-23968", "CVE-2021-23969", "CVE-2021-23973", "CVE-2021-23978", "CVE-2021-23981", "CVE-2021-23982", "CVE-2021-23984", "CVE-2021-23987"], "modified": "2021-05-18T11:41:03", "id": "068DC45BB0B5F8D1F4017D90011D30274786A5B13B9459512CEA6B2DDD502B3B", "href": "https://www.ibm.com/support/pages/node/6454029", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "rosalinux": [{"lastseen": "2023-12-02T21:45:45", "description": "Software: firefox 78.5.0\nOS: Cobalt 7.9\n\nCVE-ID: CVE-2020-12400\nCVE-Crit: MEDIUM\nCVE-DESC: When converting coordinates from projective to affine, modular inversion was not performed in constant time, leading to a possible time-based side-channel attack. This vulnerability affects Firefox <80 and Firefox for Android <80\\.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-12400\nCVE-Crit: MEDIUM\nCVE-DESC: When converting coordinates from projective to affine, modular inversion was not performed in constant time, leading to a possible time-based side-channel attack. This vulnerability affects Firefox <80 and Firefox for Android <80\\.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-12401\nCVE-Crit: MEDIUM\nCVE-DESC: During ECDSA signature generation, a fill applied in the one-time number intended to provide constant scalar multiplication was removed, resulting in a secret-dependent variable-time execution. 
This vulnerability affects Firefox <80 and Firefox for Android <80\\.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-12401\nCVE-Crit: MEDIUM\nCVE-DESC: During ECDSA signature generation, padding applied in the nonce, intended to ensure constant-time scalar multiplication, was removed, resulting in a secret-dependent variable-time execution. This vulnerability affects Firefox <80 and Firefox for Android <80\\.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-15652\nCVE-Crit: MEDIUM\nCVE-DESC: By observing the stack trace for JavaScript errors in webworkers, it was possible to get a leaked redirect result from another origin. This only applies to content that can be parsed as script. This vulnerability affects Firefox <79, Firefox ESR <68.11, Firefox ESR <78.1, Thunderbird <68.11 and Thunderbird <78.1.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-15653\nCVE-Crit: MEDIUM\nCVE-DESC: An iframe sandbox element with the allow-popups flag could be bypassed when using noopener links. This could lead to security issues for websites using a sandbox configuration that allowed popups and hosted arbitrary content. This vulnerability affects Firefox ESR <78.1, Firefox <79 and Thunderbird <78.1.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-15654\nCVE-Crit: MEDIUM\nCVE-DESC: In an infinite loop, a website that defines a customizable cursor using CSS can give the impression that the user is interacting with the UI when this is not the case. This could lead to the perception of a faulty state, especially when interaction with existing browser dialogs and alerts is not working. 
This vulnerability affects Firefox ESR <78.1, Firefox <79 and Thunderbird <78.1.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-15655\nCVE-Crit: MEDIUM\nCVE-DESC: A redirected HTTP request that is tracked or modified via a web extension can bypass existing CORS checks, which could lead to the disclosure of information about different sources. This vulnerability affects Firefox ESR <78.1, Firefox <79, and Thunderbird <78.1.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-15656\nCVE-Crit: HIGH\nCVE-DESC: JIT optimization using the Javascript arguments object can confuse later optimizations. This risk has already been mitigated through various precautions in the code, resulting in this bug being rated as moderate severity. This vulnerability affects Firefox ESR <78.1, Firefox <79 and Thunderbird <78.1.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-15658\nCVE-Crit: MEDIUM\nCVE-DESC: The file upload code does not properly handle special characters, causing an attacker to be able to cut off a file ending at an earlier position, resulting in a different file type being uploaded than shown in the dialog box. This vulnerability affects Firefox ESR <78.1, Firefox <79, and Thunderbird <78.1.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-15659\nCVE-Crit: HIGH\nCVE-DESC: Mozilla developers and community members reported memory safety bugs present in Firefox 78 and Firefox ESR 78.0. Some of these bugs indicated memory corruption, and we speculate that with enough effort, some of them could be exploited to run arbitrary code. 
This vulnerability affects Firefox <79, Firefox ESR <68.11, Firefox ESR <78.1, Thunderbird <68.11, and Thunderbird <78.1.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-15671\nCVE-Crit: LOW\nCVE-DESC: When entering a password under certain conditions, a race could occur when InputContext was not correctly set for the input field, resulting in the typed password being stored in the keyboard dictionary. This vulnerability affects Firefox for Android <80\\.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-15670\nCVE-Crit: HIGH\nCVE-DESC: Mozilla developers reported memory safety errors present in Firefox for Android 79. Some of these bugs indicated memory corruption, and we assume that with enough effort, some of them could be exploited to run arbitrary code. This vulnerability affects Firefox <80, Firefox ESR <78.2, Thunderbird <78.2 and Firefox for Android <80\\.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-15670\nCVE-Crit: HIGH\nCVE-DESC: Mozilla developers reported memory safety errors present in Firefox for Android 79. Some of these bugs indicated memory corruption, and we assume that with enough effort, some of them could be exploited to run arbitrary code. This vulnerability affects Firefox <80, Firefox ESR <78.2, Thunderbird <78.2 and Firefox for Android <80\\.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-15668\nCVE-Crit: MEDIUM\nCVE-DESC: there was a missing lock when accessing the data structure and importing certificate information into the trust database. This vulnerability affects Firefox <80 and Firefox for Android <80\\.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-15668\nCVE-Crit: MEDIUM\nCVE-DESC: there was a missing lock when accessing the data structure and importing certificate information into the trust database. 
This vulnerability affects Firefox <80 and Firefox for Android <80\\.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-15674\nCVE-Crit: HIGH\nCVE-DESC: Mozilla developers reported memory safety errors present in Firefox 80. Some of these bugs indicated memory corruption, and we assume that with enough effort, some of them could be exploited to run arbitrary code. This vulnerability affects Firefox <81\\.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-15675\nCVE-Crit: HIGH\nCVE-DESC: surface processing may outlast a persistent buffer lifetime, resulting in memory corruption and potentially crashing. This vulnerability affects Firefox <81\\.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-15667\nCVE-Crit: HIGH\nCVE-DESC: When processing a MAR update file after signature verification, an invalid name length can cause a heap overflow, resulting in memory corruption and potentially arbitrary code execution. In Firefox, released by Mozilla, this issue can only be exploited using a Mozilla-managed signature key. This vulnerability affects Firefox <80\\.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-15666\nCVE-Crit: MEDIUM\nCVE-DESC: When attempting to download non-video in an audio/video context, the exact status code (200, 302, 404, 500, 412, 403, etc.) was disclosed via a MediaError message. This level of information leakage is incompatible with standardized error / success disclosure and could lead to logon status output for services or device discovery on the local network among other attacks. This vulnerability affects Firefox <80 and Firefox for Android <80\\.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-15666\nCVE-Crit: MEDIUM\nCVE-DESC: When attempting to download non-video in an audio/video context, the exact status code (200, 302, 404, 500, 412, 403, etc.) was disclosed via a MediaError message. 
This level of information leakage is incompatible with standardized error / success disclosure and could lead to logon status output for services or device discovery on the local network among other attacks. This vulnerability affects Firefox <80 and Firefox for Android <80\\.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-15665\nCVE-Crit: MEDIUM\nCVE-DESC: Firefox did not reset the address bar after displaying a dialog box before loading if the user chose to stay on the page. This could result in displaying the wrong URL when used in conjunction with other unexpected browser behavior. This vulnerability affects Firefox <80\\.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-15664\nCVE-Crit: MEDIUM\nCVE-DESC: By holding the eval () function link from the about: blank window, the malicious web page could access the InstallTrigger object, which would allow them to prompt the user to install the extension. Combined with user confusion, this could lead to the installation of an unintended or malicious extension. This vulnerability affects Firefox <80, Thunderbird <78.2, Thunderbird <68.12, Firefox ESR <68.12, Firefox ESR <78.2 and Firefox for Android <80\\.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-15664\nCVE-Crit: MEDIUM\nCVE-DESC: By holding the eval () function link from the about: blank window, the malicious web page could access the InstallTrigger object, which would allow them to prompt the user to install the extension. Combined with user confusion, this could lead to the installation of an unintended or malicious extension. This vulnerability affects Firefox <80, Thunderbird <78.2, Thunderbird <68.12, Firefox ESR <68.12, Firefox ESR <78.2 and Firefox for Android <80\\.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-15663\nCVE-Crit: HIGH\nCVE-DESC: If Firefox is installed in a user writable directory, the Mozilla service will run updater.exe from the installation location with system privileges. 
While the Mozilla service does ensure that updater.exe is signed by Mozilla, the version could be rolled back to a previous version, which would allow an older bug to be exploited and arbitrary code to be executed with system privileges. * Note. This issue only affected Windows operating systems. Other operating systems are not affected. *. This vulnerability affects Firefox <80, Thunderbird <78.2, Thunderbird <68.12, Firefox ESR <68.12, and Firefox ESR <78.2.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-15680\nCVE-Crit: MEDIUM\nCVE-DESC: If the image tag references a valid external protocol handler, the size of the resulting corrupted image could be distinguished from the size of the corrupted image of the non-existent protocol handler. This allowed an attacker to successfully verify that an external protocol handler had been registered. This vulnerability affects Firefox <82\\.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-15681\nCVE-Crit: HIGH\nCVE-DESC: When multiple WASM threads had a module reference and searched for exported functions, one WASM thread could overwrite another thread's entry in a shared stash table, resulting in a potential crash. This vulnerability affects Firefox <82\\.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-15682\nCVE-Crit: MEDIUM\nCVE-DESC: When an external protocol link was clicked, a prompt was presented that allowed the user to choose in which application to open it. An attacker could force this invitation to be associated with a source they had no control over, resulting in a spoofing attack. This has been fixed by changing the external protocol invitations to tab, and ensuring that they cannot be incorrectly linked to another source. This vulnerability affects Firefox <82\\.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-15684\nCVE-Crit: CRITICAL\nCVE-DESC: Mozilla developers reported memory safety errors present in Firefox 81. 
Some of these bugs indicated memory corruption, and we speculate that with enough effort, some of them could be used to run arbitrary code. This vulnerability affects Firefox <82\\.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-15673\nCVE-Crit: HIGH\nCVE-DESC: Mozilla developers have reported memory safety bugs present in Firefox 80 and Firefox ESR 78.2. Some of these bugs indicated memory corruption, and we assume that with enough effort, some of them could be used to run arbitrary code. This vulnerability affects Firefox <81, Thunderbird <78.3, and Firefox ESR <78.3.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-15676\nCVE-Crit: MEDIUM\nCVE-DESC: Firefox sometimes ran a load handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after inserting attacker-controlled data into a content element. This vulnerability affects Firefox <81, Thunderbird <78.3 and Firefox ESR <78.3.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-15677\nCVE-Crit: MEDIUM.\nCVE-DESC: By exploiting an Open Redirect vulnerability in a website, an attacker could spoof the site displayed in the file download dialog box to show the original site (the one suffering from Open Redirect) rather than the site from which the file was actually downloaded. This vulnerability affects Firefox <81, Thunderbird <78.3, and Firefox ESR <78.3.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-15678\nCVE-Crit: HIGH\nCVE-DESC: When recursively traversing graphical layers while scrolling, the iterator may have become invalid, leading to a potential use-after-free. This is because the APZCTreeManager::ComputeClippedCompositionBounds function did not follow the iterator invalidation rules. 
This vulnerability affects Firefox <81, Thunderbird <78.3, and Firefox ESR <78.3.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-15683\nCVE-Crit: CRITICAL.\nCVE-DESC: Mozilla developers and community members have reported memory safety bugs present in Firefox 81 and Firefox ESR 78.3. Some of these bugs indicated memory corruption, and we assume that with enough effort, some of them could be used to run arbitrary code. This vulnerability affects Firefox ESR <78.4, Firefox <82 and Thunderbird <78.4.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-16012\nCVE-Crit: MEDIUM\nCVE-DESC: A side-channel information leak in Graphics in Google Chrome before version 87.0.4280.66 allowed a remote attacker to leak cross-origin data via a crafted HTML page.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-26950\nCVE-Crit: HIGH\nCVE-DESC: Under certain circumstances, the MCallGetProperty opcode can be emitted with unmet assumptions, resulting in an exploitable use-after-free condition. This vulnerability affects Firefox <82.0.3, Firefox ESR <78.4.1, and Thunderbird <78.4.2.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-26951\nCVE-Crit: MEDIUM\nCVE-DESC: A mismatch between parsing and loading events in Firefox SVG code could cause load events to be triggered even after sanitization. An attacker already capable of exploiting an XSS vulnerability on privileged internal pages could use this attack to bypass our built-in sanitizer. This vulnerability affects Firefox <83, Firefox ESR <78.5, and Thunderbird <78.5.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-26952\nCVE-Crit: HIGH\nCVE-DESC: Incorrect bookkeeping of functions inlined during JIT compilation could lead to memory corruption and potentially a crash when handling out-of-memory errors. 
This vulnerability affects Firefox <83\\.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-26953\nCVE-Crit: MEDIUM\nCVE-DESC: It was possible to force the browser into full-screen mode without displaying the security UI; thus making it possible to attempt a phishing attack or otherwise confuse the user. This vulnerability affects Firefox <83, Firefox ESR <78.5 and Thunderbird <78.5.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-26954\nCVE-Crit: MEDIUM\nCVE-DESC: When accepting malicious intent from other installed applications, Firefox for Android accepted manifests from arbitrary file paths and allowed web application manifests to be declared for other sources. This could be used to gain full-screen access to spoof the user interface, and could also lead to attacks from different sources on target websites. * Note. This issue only affected Firefox for Android. Other operating systems are not affected. *. This vulnerability affects Firefox <83\\.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-26955\nCVE-Crit: MEDIUM\nCVE-DESC: When a user downloads a file in Firefox for Android, if a cookie is set, it will be resent during a subsequent file download operation in the same domain, regardless of whether the original and subsequent request were private. and non-private browsing modes. * Note. This issue only affected Firefox for Android. Other operating systems are not affected. *. This vulnerability affects Firefox <83\\.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-26956\nCVE-Crit: MEDIUM\nCVE-DESC: In some cases, removing HTML elements during cleanup will preserve existing SVG event handlers and therefore lead to XSS. This vulnerability affects Firefox <83, Firefox ESR <78.5 and Thunderbird <78.5.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-26957\nCVE-Crit: MEDIUM\nCVE-DESC: OneCRL did not work in the new Firefox for Android due to lack of service initialization. 
This may result in the inability to force revocation of some certificates. * Note. This issue only affected Firefox for Android. Other operating systems are not affected. *. This vulnerability affects Firefox <83\\.\nCVE-STATUS: Default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-26958\nCVE-Crit: MEDIUM\nCVE-DESC: Firefox did not block the execution of scripts with invalid MIME types when the response was intercepted and cached via ServiceWorker. This could have led to a cross-site script inclusion vulnerability or content security policy bypass. This vulnerability affects Firefox <83, Firefox ESR <78.5 and Thunderbird <78.5.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-26959\nCVE-Crit: HIGH\nCVE-DESC: During browser shutdown, reference decrementing could occur on a previously freed object, resulting in a use-after-free, memory corruption, and potentially crashing. This vulnerability affects Firefox <83, Firefox ESR <78.5, and Thunderbird <78.5.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-26960\nCVE-Crit: HIGH\nCVE-DESC: If the Compact() method was called on an nsTArray, the array could be reallocated without updating other pointers, leading to a potential use-after-free and possible crash. This vulnerability affects Firefox <83, Firefox ESR <78.5, and Thunderbird <78.5.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-26961\nCVE-Crit: MEDIUM\nCVE-DESC: When DNS over HTTPS is used, it intentionally filters RFC1918 and related IP address ranges out of the responses because they are not meaningful coming from the DoH resolver. However, when an IPv4 address was mapped through IPv6, these addresses were mistakenly let through, leading to a potential DNS Rebinding attack. 
This vulnerability affects Firefox <83, Firefox ESR <78.5 and Thunderbird <78.5.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-26962\nCVE-Crit: MEDIUM\nCVE-DESC: Cross-origin iframes containing a login form could have been recognized by the login autofill service and filled in. This could be used in clickjacking attacks and also to read across partitions in dynamic first-party isolation. This vulnerability affects Firefox <83\\.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-26963\nCVE-Crit: MEDIUM\nCVE-DESC: Repeated calls to the history and location APIs could be used to hang the browser. This issue was fixed by enforcing a rate limit for these API calls. This vulnerability affects Firefox <83\\.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-26965\nCVE-Crit: MEDIUM\nCVE-DESC: Some websites have a \"Show Password\" feature where pressing a button changes the password field to a text field, showing the password entered. If, when using a soft keyboard that remembers user input, a user entered their password and used this feature, the password field type was changed, causing the keyboard layout to change and allowing the soft keyboard to remember the password entered. This vulnerability affects Firefox <83, Firefox ESR <78.5 and Thunderbird <78.5.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-26967\nCVE-Crit: MEDIUM\nCVE-DESC: When listening for page changes with Mutation Observer, a malicious web page can confuse Firefox screenshots by causing them to interact with elements different from the ones it injected into the page. This would lead to internal errors and unexpected behavior of the screenshot code. This vulnerability affects Firefox <83\\.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-26968\nCVE-Crit: HIGH\nCVE-DESC: Mozilla developers have reported memory safety bugs present in Firefox 82 and Firefox ESR 78.4. 
Some of these bugs indicated memory corruption, and we assume that with enough effort, some of them could be used to run arbitrary code. This vulnerability affects Firefox <83, Firefox ESR <78.5, and Thunderbird <78.5.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-26969\nCVE-Crit: HIGH\nCVE-DESC: Mozilla developers reported memory safety errors present in Firefox 82. Some of these bugs indicated memory corruption, and we assume that with enough effort, some of them could be exploited to run arbitrary code. This vulnerability affects Firefox <83\\.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-26975\nCVE-Crit: MEDIUM\nCVE-DESC: When a malicious app installed on a user's device broadcast an Intent to Firefox for Android, arbitrary headers could be specified, which could lead to attacks such as abusing ambient authority or session fixation. This has been solved by only allowing certain safe-listed headers. * Note. This issue only affected Firefox for Android. Other operating systems are not affected. *. This vulnerability affects Firefox <84\\.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-26977\nCVE-Crit: MEDIUM.\nCVE-DESC: By attempting to connect to a website through a non-responsive port, an attacker could control the content of the tab while the URL bar displayed the original domain. * Note. This issue only occurs in Firefox for Android. Other operating systems are not affected. *. This vulnerability affects Firefox <84\\.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-26978\nCVE-Crit: MEDIUM.\nCVE-DESC: Using techniques based on slipstream research, a malicious web page could expose both internal network nodes and services running on the user's local computer. 
This vulnerability affects Firefox <84, Thunderbird <78.6, and Firefox ESR <78.6.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-26979\nCVE-Crit: MEDIUM\nCVE-DESC: When a user typed a URL into the address bar or search bar and quickly pressed the enter key, a website could sometimes capture this event and then redirect the user before navigation to the desired entered address occurred. To create a convincing spoof, the attacker would have to guess what the user was typing, possibly suggesting it. This vulnerability affects Firefox <84\\.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-35111\nCVE-Crit: MEDIUM\nCVE-DESC: When an extension with proxy permission is registered to receive , the proxy.onRequest callback was not triggered for View Source URLs. Although web content cannot go to such URLs, the user who opened View Source could inadvertently pass their IP address. This vulnerability affects Firefox <84, Thunderbird <78.6, and Firefox ESR <78.6.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-35113\nCVE-Crit: HIGH\nCVE-DESC: Mozilla developers reported memory security bugs present in Firefox 83 and Firefox ESR 78.5. Some of these bugs indicated memory corruption, and we assume that with enough effort, some of them could be used to run arbitrary code. This vulnerability affects Firefox <84, Thunderbird <78.6, and Firefox ESR <78.6.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-35114\nCVE-Crit: HIGH\nCVE-DESC: Mozilla developers reported memory safety errors present in Firefox 83. Some of these bugs indicated memory corruption, and we assume that with enough effort, some of them could be exploited to run arbitrary code. This vulnerability affects Firefox <84\\.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-26971\nCVE-Crit: HIGH\nCVE-DESC: Some user-supplied blit values were not properly constrained, causing a heap buffer overflow on some video drivers. 
This vulnerability affects Firefox <84, Thunderbird <78.6, and Firefox ESR <78.6.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-26972\nCVE-Crit: CRITICAL.\nCVE-DESC: The IPC actor lifecycle allows managed actors to outlive their managing actors; and the former must ensure that they do not attempt to use the dead actor they reference. Such a check has been omitted in WebGL, resulting in a use-after-free and potentially a crash. This vulnerability affects Firefox <84\\.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-26973\nCVE-Crit: HIGH\nCVE-DESC: Certain input to the CSS Sanitizer confused it, causing it to remove incorrect components. This could have been used as a sanitizer bypass. This vulnerability affects Firefox <84, Thunderbird <78.6 and Firefox ESR <78.6.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-26974\nCVE-Crit: HIGH\nCVE-DESC: The StyleGenericFlexBasis object may have been incorrectly cast to the wrong type when flex-basis was used on a table wrapper. This resulted in a heap use-after-free, memory corruption, and potentially a crash. This vulnerability affects Firefox <84, Thunderbird <78.6, and Firefox ESR <78.6.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-26976\nCVE-Crit: MEDIUM\nCVE-DESC: When HTTPS pages were embedded in an HTTP page and a serviceworker was registered for the former, the serviceworker could intercept the secure page request even though the iframe was not a secure context due to (insecure) framing. This vulnerability affects Firefox <84\\.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-6829\nCVE-Crit: MEDIUM\nCVE-DESC: The wNAF point multiplication algorithm was used when performing scalar EC point multiplication; this leaked partial information about the nonce used in signature generation. Given the electromagnetic trace of several signature generations, it was possible to compute the private key. 
This vulnerability affects Firefox <80 and Firefox for Android <80\\.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-6829\nCVE-Crit: MEDIUM\nCVE-DESC: the wNAF point multiplication algorithm was used when performing scalar EC point multiplication; this leaked partial information about the nonce used in signature generation. Given the electromagnetic trace of several generations of the signature, it was possible to compute the private key. This vulnerability affects Firefox <80 and Firefox for Android <80\\.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2021-23953\nCVE-Crit: MEDIUM\nCVE-DESC: If a user clicked on a specially crafted PDF file, a PDF reader could become confused to leak information from different sources when said information is served as fragmented data. This vulnerability affects Firefox <85, Thunderbird <78.7, and Firefox ESR <78.7.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2021-23954\nCVE-Crit: HIGH\nCVE-DESC: The use of new boolean assignment operators in JavaScript switch statement could cause type confusion, resulting in memory corruption and potentially crashing. This vulnerability affects Firefox <85, Thunderbird <78.7, and Firefox ESR <78.7.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2021-23955\nCVE-Crit: MEDIUM\nCVE-DESC: The browser could get confused about passing the lock state of a pointer to another tab, which could lead to clickjacking attacks. This vulnerability affects Firefox <85\\.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2021-23956\nCVE-Crit: MEDIUM\nCVE-DESC: The ambiguous design of the file selector tool could confuse users who intended to select and upload a single file to download an entire catalog. This issue was fixed by adding a new prompt. 
This vulnerability affects Firefox <85\\.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2021-23957\nCVE-Crit: HIGH\nCVE-DESC: Navigating through the Android-specific `intent` URL scheme could have been misused to escape the iframe sandbox. Note. This issue only affected Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox <85\\.\nCVE-STATUS: Default\nCVE-REV: default\n\n\nCVE-ID: CVE-2021-23958\nCVE-Crit: MEDIUM\nCVE-DESC: The browser could get confused by moving the screen sharing state to another tab, which could leak unintended information. This vulnerability affects Firefox <85\\.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2021-23959\nCVE-Crit: MEDIUM\nCVE-DESC: An XSS bug in internal error pages could lead to various spoofing attacks, including other error pages and the address bar. Note. This issue only affected Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox <85\\.\nCVE-STATUS: Default\nCVE-REV: default\n\n\nCVE-ID: CVE-2021-23960\nCVE-Crit: HIGH\nCVE-DESC: Garbage collection for re-declared JavaScript variables resulted in a use-after-poison and a potential crash. This vulnerability affects Firefox <85, Thunderbird <78.7, and Firefox ESR <78.7.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2021-23961\nCVE-Crit: HIGH\nCVE-DESC: Further techniques based on slipstream research, combined with a malicious web page, could reveal both hosts on the internal network and services running on the user's local computer. This vulnerability affects Firefox <85\\.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2021-23962\nCVE-Crit: HIGH\nCVE-DESC: Misuse of the \"\" method could lead to a use-after-poison and potentially crashing. 
This vulnerability affects Firefox <85\\.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2021-23963\nCVE-Crit: MEDIUM\nCVE-DESC: When sharing geolocation while WebRTC sharing is active, Firefox could reset the webRTC sharing state in the user interface, resulting in a loss of control over the currently granted permission. This vulnerability affects Firefox <85\\.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2021-23964\nCVE-Crit: HIGH\nCVE-DESC: Mozilla developers reported memory security bugs present in Firefox 84 and Firefox ESR 78.6. Some of these bugs indicated memory corruption, and we assume that with enough effort, some of them could be used to run arbitrary code. This vulnerability affects Firefox <85, Thunderbird <78.7, and Firefox ESR <78.7.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2021-23965\nCVE-Crit: HIGH\nCVE-DESC: Mozilla developers reported memory safety errors present in Firefox 84. Some of these bugs indicated memory corruption, and we speculate that with enough effort, some of them could be exploited to run arbitrary code. This vulnerability affects Firefox <85\\.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2021-23968\nCVE-Crit: MEDIUM\nCVE-DESC: If the content security policy blocked frame navigation, the full destination of the redirect served in the frame was reported in the breach report; as opposed to the original frame URI. This could be exploited to leak sensitive information contained in such URIs. This vulnerability affects Firefox <86, Thunderbird <78.8, and Firefox ESR <78.8.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2021-23969\nCVE-Crit: MEDIUM\nCVE-DESC: As stated in the W3C Content Security Policy Draft, when creating a violation report, \"user agents should ensure that the source file is the URL requested by the page performing the pre-rendering. 
If this is not possible, user agents should to shorten the URL to the source to avoid inadvertent leakage.\" For certain types of redirects, Firefox incorrectly set the source file as the redirect destination. This has been fixed to be the source of the redirection destination. This vulnerability affects Firefox <86, Thunderbird <78.8, and Firefox ESR <78.8.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2021-23970\nCVE-Crit: MEDIUM\nCVE-DESC: context-sensitive code has been included in a generic jump table; which triggers assertions in multi-threaded wasm code. This vulnerability affects Firefox <86\\.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2021-23971\nCVE-Crit: MEDIUM\nCVE-DESC: When processing a redirect with a conflicting referrer policy, Firefox would accept the redirect's referrer policy. This could potentially result in more information being provided to the redirect recipient than intended by the original source. This vulnerability affects Firefox <86\\.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2021-23972\nCVE-Crit: HIGH\nCVE-DESC: One of the online phishing tactics is to provide a link with HTTP authentication. For example, https: //www.phishingtarget.com@evil.com. To mitigate this type of attack, Firefox will display a warning dialog box; however, this warning dialog box would not be displayed if evil.com used a redirect cached by the browser. This vulnerability affects Firefox <86\\.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2021-23973\nCVE-Crit: MEDIUM\nCVE-DESC: A decoding error could occur when attempting to load a cross-origin resource in an audio/video context, and the contents of this error could reveal information about the resource. This vulnerability affects Firefox <86, Thunderbird <78.8 and Firefox ESR <78.8.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2021-23974\nCVE-Crit: MEDIUM\nCVE-DESC: The DOMParser API incorrectly handled elements for escaping. 
It can be used as an mXSS vector to bypass the HTML Sanitizer. This vulnerability affects Firefox <86\\.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2021-23975\nCVE-Crit: MEDIUM\nCVE-DESC: There is a measure function on the about:memory developer page that lets you know what types of objects the browser has allocated and their sizes. When this function was called, we incorrectly called the sizeof function instead of using an API method that checks for invalid pointers. This vulnerability affects Firefox <86\\.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2021-23976\nCVE-Crit: HIGH\nCVE-DESC: When accepting a malicious intent from other installed applications, Firefox for Android accepted manifests from arbitrary file paths and allowed web application manifests to be declared for other origins. This could be used to gain full-screen access for UI spoofing, and could also lead to cross-origin attacks on target websites. Note. This issue is different from CVE-2020-26954 and only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox <86\\.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2021-23977\nCVE-Crit: MEDIUM\nCVE-DESC: Firefox for Android suffers from a time-of-check to time-of-use (TOCTOU) vulnerability that allows a malicious app to read sensitive data from app directories. Note. This issue only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox <86\\.\nCVE-STATUS: Default\nCVE-REV: default\n\n\nCVE-ID: CVE-2021-23978\nCVE-Crit: HIGH\nCVE-DESC: Mozilla developers reported memory safety bugs present in Firefox 85 and Firefox ESR 78.7. Some of these bugs indicated memory corruption, and we assume that with enough effort, some of them could be used to run arbitrary code. 
This vulnerability affects Firefox <86, Thunderbird <78.8, and Firefox ESR <78.8.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2021-23979\nCVE-Crit: HIGH\nCVE-DESC: Mozilla developers reported memory safety errors present in Firefox 85. Some of these bugs indicated memory corruption, and we speculate that with enough effort, some of them could be exploited to run arbitrary code. This vulnerability affects Firefox <86\\.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2021-23981\nCVE-Crit: HIGH\nCVE-DESC: Loading a pixel buffer object texture could confuse WebGL code by missing the binding of the buffer used to decompress it, resulting in memory corruption and a potential information leak or crash. This vulnerability affects Firefox ESR <78.9, Thunderbird <78.9 and Firefox <87\\.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2021-23982\nCVE-Crit: MEDIUM.\nCVE-DESC: Using techniques based on slipstream research, a malicious web page could scan both hosts on the internal network and services running on the user's local computer using WebRTC connections. This vulnerability affects Firefox ESR <78.9, Thunderbird <78.9 and Firefox <87\\.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2021-23983\nCVE-Crit: MEDIUM\nCVE-DESC: By causing a transition on the parent node by removing a CSS rule, an invalid property for the token could have been applied, resulting in memory corruption and potentially crashing. This vulnerability affects Firefox <87\\.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2021-23984\nCVE-Crit: MEDIUM\nCVE-DESC: A malicious extension could open a popup window without an address bar. The title of a popup without an address bar shouldn't be completely controllable, but in this situation it was. This could have been used to spoof a website and attempt to trick the user into providing credentials. 
This vulnerability affects Firefox ESR <78.9, Thunderbird <78.9 and Firefox <87\\.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2021-23985\nCVE-Crit: MEDIUM\nCVE-DESC: If an attacker could change certain values of about: config (e.g. malware running on the user's computer), the Devtools remote debugging feature could be enabled in a way that is invisible to the user. This would allow a remote attacker (able to establish a direct network connection to the victim) to monitor the user's browser activity and network traffic (plaintext). This was resolved by providing a visual cue when Devtools has an open network socket. This vulnerability affects Firefox <87\\.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2021-23986\nCVE-Crit: MEDIUM\nCVE-DESC: A malicious extension with \"search\" permission could have installed a new search engine whose icon referenced a URL from different sources. The response to this cross-origin request could have been read by the extension, circumventing the single-source policy for an extension that should not have cross-origin permissions. This cross-source request was made without cookies, so the sensitive information exposed by the breach was limited to local network resources or resources that perform IP-based authentication. This vulnerability affects Firefox <87\\.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2021-23987\nCVE-Crit: HIGH\nCVE-DESC: Mozilla developers and community members have reported memory security bugs present in Firefox 86 and Firefox ESR 78.8. Some of these bugs indicated memory corruption, and we assume that with enough effort, some of them could be used to run arbitrary code. This vulnerability affects Firefox ESR <78.9, Thunderbird <78.9 and Firefox <87\\.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2021-23988\nCVE-Crit: HIGH\nCVE-DESC: Mozilla developers reported memory safety errors present in Firefox 86. 
Some of these bugs indicated memory corruption, and we hypothesize that with enough effort, some of them could be exploited to run arbitrary code. This vulnerability affects Firefox <87\\.\nCVE-STATUS: default\nCVE-REV: default", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-07-02T16:43:38", "type": "rosalinux", "title": "Advisory ROSA-SA-2021-1835", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12400", "CVE-2020-12401", "CVE-2020-15652", "CVE-2020-15653", "CVE-2020-15654", "CVE-2020-15655", "CVE-2020-15656", "CVE-2020-15658", "CVE-2020-15659", "CVE-2020-15663", "CVE-2020-15664", "CVE-2020-15665", "CVE-2020-15666", "CVE-2020-15667", "CVE-2020-15668", "CVE-2020-15670", "CVE-2020-15671", "CVE-2020-15673", "CVE-2020-15674", "CVE-2020-15675", "CVE-2020-15676", "CVE-2020-15677", "CVE-2020-15678", "CVE-2020-15680", "CVE-2020-15681", "CVE-2020-15682", "CVE-2020-15683", "CVE-2020-15684", "CVE-2020-16012", "CVE-2020-26950", "CVE-2020-26951", "CVE-2020-26952", "CVE-2020-26953", "CVE-2020-26954", "CVE-2020-26955", "CVE-2020-26956", "CVE-2020-26957", "CVE-2020-26958", "CVE-2020-26959", 
"CVE-2020-26960", "CVE-2020-26961", "CVE-2020-26962", "CVE-2020-26963", "CVE-2020-26965", "CVE-2020-26967", "CVE-2020-26968", "CVE-2020-26969", "CVE-2020-26971", "CVE-2020-26972", "CVE-2020-26973", "CVE-2020-26974", "CVE-2020-26975", "CVE-2020-26976", "CVE-2020-26977", "CVE-2020-26978", "CVE-2020-26979", "CVE-2020-35111", "CVE-2020-35113", "CVE-2020-35114", "CVE-2020-6829", "CVE-2021-23953", "CVE-2021-23954", "CVE-2021-23955", "CVE-2021-23956", "CVE-2021-23957", "CVE-2021-23958", "CVE-2021-23959", "CVE-2021-23960", "CVE-2021-23961", "CVE-2021-23962", "CVE-2021-23963", "CVE-2021-23964", "CVE-2021-23965", "CVE-2021-23968", "CVE-2021-23969", "CVE-2021-23970", "CVE-2021-23971", "CVE-2021-23972", "CVE-2021-23973", "CVE-2021-23974", "CVE-2021-23975", "CVE-2021-23976", "CVE-2021-23977", "CVE-2021-23978", "CVE-2021-23979", "CVE-2021-23981", "CVE-2021-23982", "CVE-2021-23983", "CVE-2021-23984", "CVE-2021-23985", "CVE-2021-23986", "CVE-2021-23987", "CVE-2021-23988"], "modified": "2021-07-02T16:43:38", "id": "ROSA-SA-2021-1835", "href": "https://abf.rosalinux.ru/advisories/ROSA-SA-2021-1835", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}