CVSS3: 8.8 High
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS2: 9.3 High
AV:N/AC:M/Au:N/C:C/I:C/A:C
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

EPSS: 0.026 Low
Percentile: 90.0%

Severity: Critical
Date : 2020-11-17
CVE-ID : CVE-2020-15999 CVE-2020-16012 CVE-2020-26951 CVE-2020-26952
CVE-2020-26953 CVE-2020-26956 CVE-2020-26958 CVE-2020-26959
CVE-2020-26960 CVE-2020-26961 CVE-2020-26962 CVE-2020-26963
CVE-2020-26965 CVE-2020-26967 CVE-2020-26968 CVE-2020-26969
Package : firefox
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-1279

The package firefox before version 83.0-1 is vulnerable to multiple
issues including arbitrary code execution, access restriction bypass,
content spoofing, cross-site scripting, information disclosure,
insufficient validation, denial of service and incorrect calculation.

Upgrade to 83.0-1.
The problems have been fixed upstream in version 83.0.

Workaround: None.

A heap buffer overflow has been found in freetype2 before 2.10.4.
Malformed TTF files with PNG sbit glyphs can cause a heap buffer
overflow in Load_SBit_Png as libpng uses the original 32-bit values,
which are saved in png_struct. If the original width and/or height are
greater than 65535, the allocated buffer won’t be able to fit the
bitmap.

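The size mismatch described above, reduced to an added C illustration (not freetype's or Firefox's code): the decoder keeps the 32-bit header dimensions while the buffer is sized from narrowed 16-bit metrics. The struct and function names are hypothetical, and 4 bytes per pixel is an assumption.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical glyph metrics: dimensions are held in 16-bit fields. */
typedef struct { uint16_t width, height; } glyph_metrics;

/* Bytes allocated for the bitmap, derived from the 16-bit metrics. */
size_t alloc_size(const glyph_metrics *m) {
    return (size_t)m->width * m->height * 4;
}

/* Flawed pattern: narrow the 32-bit header values without checking. */
void fill_metrics_unchecked(glyph_metrics *m, uint32_t w, uint32_t h) {
    m->width  = (uint16_t)w;   /* 65537 becomes 1 */
    m->height = (uint16_t)h;
}

/* Hardened pattern: reject dimensions that do not fit before any
   allocation happens. Returns 0 on success, -1 when rejected. */
int fill_metrics_checked(glyph_metrics *m, uint32_t w, uint32_t h) {
    if (w == 0 || h == 0 || w > UINT16_MAX || h > UINT16_MAX)
        return -1;
    m->width  = (uint16_t)w;
    m->height = (uint16_t)h;
    return 0;
}

/* 1 if a decoder writing w x h pixels would exceed the buffer sized
   from the metrics. */
int would_overflow(const glyph_metrics *m, uint32_t w, uint32_t h) {
    return w > m->width || h > m->height;
}

int main(void) {
    glyph_metrics m;
    uint32_t w = 65537, h = 8;   /* constructed header values */
    fill_metrics_unchecked(&m, w, h);
    printf("unchecked: alloc=%zu bytes, overflow=%d\n",
           alloc_size(&m), would_overflow(&m, w, h));
    printf("checked:   result=%d\n", fill_metrics_checked(&m, w, h));
    return 0;
}
```
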
An information disclosure issue has been found in Firefox before 83.0
and chromium before 87.0.4280.66. When drawing a transparent image on
top of an unknown cross-origin image, the Skia library drawImage
function took a variable amount of time depending on the content of the
underlying image. This resulted in potential cross-origin information
exposure of image content through timing side-channel attacks.

A parsing and event loading mismatch has been found in Firefox’s SVG
code before 83.0 and could have allowed load events to fire, even after
sanitization. An attacker already capable of exploiting an XSS
vulnerability in privileged internal pages could have used this attack
to bypass the built-in sanitizer.

A security issue has been found in Firefox before 83.0 where incorrect
bookkeeping of functions inlined during JIT compilation could have led
to memory corruption and a potentially exploitable crash when handling
out-of-memory errors.

A security issue has been found in Firefox before 83.0 where it was
possible to cause the browser to enter fullscreen mode without
displaying the security UI; thus making it possible to attempt a
phishing attack or otherwise confuse the user.

A security issue has been found in Firefox before 83.0 where, in some
cases, removing HTML elements during sanitization would keep existing
SVG event handlers and therefore lead to XSS.

Firefox before 83.0 did not block execution of scripts with incorrect
MIME types when the response was intercepted and cached through a
ServiceWorker. This could lead to a cross-site script inclusion
vulnerability, or a Content Security Policy bypass.

A security issue has been found in Firefox before 83.0 where, during
browser shutdown, reference decrementing could have occurred on a
previously freed object, resulting in a use-after-free, memory
corruption, and a potentially exploitable crash.

A security issue has been found in Firefox before 83.0 where, if the
Compact() method was called on an nsTArray, the array could have been
reallocated without updating other pointers, leading to a potential
use-after-free and exploitable crash.

A security issue has been found in Firefox before 83.0 where, when DNS
over HTTPS is in use, it intentionally filters RFC1918 and related IP
ranges from the responses as these do not make sense coming from a DoH
resolver. However when an IPv4 address was mapped through IPv6, these
addresses were erroneously let through, leading to a potential DNS
Rebinding attack.

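The filtering gap described above, as an added C sketch of a resolver-answer filter (not Firefox's code): one version inspects only dotted IPv4 answers, the other unwraps IPv4-mapped IPv6 before applying the same range check. Function names are hypothetical, and treating loopback, link-local and unique-local as the "related" ranges is an assumption.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* RFC 1918 plus loopback and link-local (assumed "related" ranges);
   b is a 4-byte IPv4 address in network order. */
static int v4_is_local(const unsigned char *b) {
    return b[0] == 10 || b[0] == 127 ||
           (b[0] == 172 && (b[1] & 0xF0) == 16) ||
           (b[0] == 192 && b[1] == 168) ||
           (b[0] == 169 && b[1] == 254);
}

/* Flawed filter: only IPv4 answers are inspected, so every AAAA answer,
   including ::ffff:a.b.c.d, is let through. 1 = drop, 0 = keep. */
int doh_drop_v4_only(const char *answer) {
    unsigned char v4[4];
    return inet_pton(AF_INET, answer, v4) == 1 && v4_is_local(v4);
}

/* Corrected filter: unwrap IPv4-mapped IPv6 (::ffff:0:0/96) and apply
   the same IPv4 check; also drop ::1, fc00::/7 and fe80::/10. */
int doh_drop(const char *answer) {
    static const unsigned char mapped[12] = {0,0,0,0,0,0,0,0,0,0,0xFF,0xFF};
    static const unsigned char loopback[16] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1};
    unsigned char v4[4], v6[16];
    if (inet_pton(AF_INET, answer, v4) == 1)
        return v4_is_local(v4);
    if (inet_pton(AF_INET6, answer, v6) != 1)
        return 1;                          /* unparseable: fail closed */
    if (memcmp(v6, mapped, 12) == 0)
        return v4_is_local(v6 + 12);
    return memcmp(v6, loopback, 16) == 0 ||
           (v6[0] & 0xFE) == 0xFC ||
           (v6[0] == 0xFE && (v6[1] & 0xC0) == 0x80);
}

int main(void) {
    /* Constructed sample answers, not taken from the advisory. */
    const char *samples[] = {"192.168.1.10", "::ffff:192.168.1.10",
                             "::ffff:c0a8:10a", "93.184.216.34"};
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++)
        printf("%-22s v4-only drop=%d  fixed drop=%d\n", samples[i],
               doh_drop_v4_only(samples[i]), doh_drop(samples[i]));
    return 0;
}
```
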
A security issue has been found in Firefox before 83.0, where
cross-origin iframes that contained a login form could have been
recognized by the login autofill service, and populated. This could
have been used in clickjacking attacks, as well as be read across
partitions in dynamic first party isolation.

A denial of service issue has been found in Firefox before 83.0, where
repeated calls to the history and location interfaces could have been
used to hang the browser. This was addressed by introducing
rate-limiting to these API calls.

An information disclosure issue has been found in Firefox before 83.0.
Some websites have a feature “Show Password” where clicking a button
will change a password field into a textbox field, revealing the typed
password. If, when using a software keyboard that remembers user input,
a user typed their password and used that feature, the type of the
password field was changed, resulting in a keyboard layout change and
the possibility for the software keyboard to remember the typed
password.

A security issue has been found in Firefox before 83.0 where, when
listening for page changes with a Mutation Observer, a malicious web
page could confuse Firefox Screenshots into interacting with elements
other than those that it injected into the page. This would lead to
internal errors and unexpected behavior in the Screenshots code.

Several memory safety issues have been found in Firefox before 83.0 and
Firefox ESR before 78.4. Some of these bugs showed evidence of memory
corruption and Mozilla presumes that with enough effort some of these
could have been exploited to run arbitrary code.

Several memory safety issues have been found in Firefox before 83.0.
Some of these bugs showed evidence of memory corruption and Mozilla
presumes that with enough effort some of these could have been
exploited to run arbitrary code.

A remote attacker might be able to access sensitive information, bypass
security measures, trick a user into performing unwanted actions, crash
the browser or execute arbitrary code.

https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/
http://git.savannah.nongnu.org/cgit/freetype/freetype2.git/commit/?id=a3bab162b2ae616074c8877a04556932998aeacd
https://savannah.nongnu.org/bugs/?59308
https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-16012
https://bugzilla.mozilla.org/show_bug.cgi?id=1642028
https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26951
https://bugzilla.mozilla.org/show_bug.cgi?id=1667113
https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26952
https://bugzilla.mozilla.org/show_bug.cgi?id=1667685
https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26953
https://bugzilla.mozilla.org/show_bug.cgi?id=1656741
https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26956
https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26958
https://bugzilla.mozilla.org/show_bug.cgi?id=1669355
https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26959
https://bugzilla.mozilla.org/show_bug.cgi?id=1669466
https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26960
https://bugzilla.mozilla.org/show_bug.cgi?id=1670358
https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26961
https://bugzilla.mozilla.org/show_bug.cgi?id=1672528
https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26962
https://bugzilla.mozilla.org/show_bug.cgi?id=610997
https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26963
https://bugzilla.mozilla.org/show_bug.cgi?id=1314912
https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26965
https://bugzilla.mozilla.org/show_bug.cgi?id=1661617
https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26967
https://bugzilla.mozilla.org/show_bug.cgi?id=1665820
https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26968
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1551615%2C1607762%2C1656697%2C1657739%2C1660236%2C1667912%2C1671479%2C1671923
https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26969
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1623920%2C1651705%2C1667872%2C1668876
https://security.archlinux.org/CVE-2020-15999
https://security.archlinux.org/CVE-2020-16012
https://security.archlinux.org/CVE-2020-26951
https://security.archlinux.org/CVE-2020-26952
https://security.archlinux.org/CVE-2020-26953
https://security.archlinux.org/CVE-2020-26956
https://security.archlinux.org/CVE-2020-26958
https://security.archlinux.org/CVE-2020-26959
https://security.archlinux.org/CVE-2020-26960
https://security.archlinux.org/CVE-2020-26961
https://security.archlinux.org/CVE-2020-26962
https://security.archlinux.org/CVE-2020-26963
https://security.archlinux.org/CVE-2020-26965
https://security.archlinux.org/CVE-2020-26967
https://security.archlinux.org/CVE-2020-26968
https://security.archlinux.org/CVE-2020-26969