Advisory ROSA-SA-2021-1835

2021-07-02 16:43:38
ROSA LAB
abf.rosalinux.ru
CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 9.3 High
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS: 0.925 High
Percentile: 99.0%

Software: firefox 78.5.0
OS: Cobalt 7.9

CVE-ID: CVE-2020-12400
CVE-Crit: MEDIUM
CVE-DESC: When converting coordinates from projective to affine, modular inversion was not performed in constant time, leading to a possible time-based side-channel attack. This vulnerability affects Firefox <80 and Firefox for Android <80.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2020-12401
CVE-Crit: MEDIUM
CVE-DESC: During ECDSA signature generation, padding applied to the nonce, intended to provide constant-time scalar multiplication, was removed, resulting in secret-dependent variable-time execution. This vulnerability affects Firefox <80 and Firefox for Android <80.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2020-15652
CVE-Crit: MEDIUM
CVE-DESC: By observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a cross-origin redirect. This only applies to content that can be parsed as script. This vulnerability affects Firefox <79, Firefox ESR <68.11, Firefox ESR <78.1, Thunderbird <68.11 and Thunderbird <78.1.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2020-15653
CVE-Crit: MEDIUM
CVE-DESC: An iframe sandbox element with the allow-popups flag could be bypassed when using noopener links. This could lead to security issues for websites using a sandbox configuration that allowed popups and hosted arbitrary content. This vulnerability affects Firefox ESR <78.1, Firefox <79 and Thunderbird <78.1.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2020-15654
CVE-Crit: MEDIUM
CVE-DESC: In an infinite loop, a website that defines a customizable cursor using CSS can give the impression that the user is interacting with the UI when this is not the case. This could lead to the perception of a faulty state, especially when interaction with existing browser dialogs and alerts is not working. This vulnerability affects Firefox ESR <78.1, Firefox <79 and Thunderbird <78.1.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2020-15655
CVE-Crit: MEDIUM
CVE-DESC: A redirected HTTP request that is observed or modified by a web extension can bypass existing CORS checks, which could lead to cross-origin information disclosure. This vulnerability affects Firefox ESR <78.1, Firefox <79, and Thunderbird <78.1.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2020-15656
CVE-Crit: HIGH
CVE-DESC: JIT optimization using the JavaScript arguments object can confuse later optimizations. This risk has already been mitigated through various precautions in the code, resulting in this bug being rated as moderate severity. This vulnerability affects Firefox ESR <78.1, Firefox <79 and Thunderbird <78.1.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2020-15658
CVE-Crit: MEDIUM
CVE-DESC: The file upload code does not properly handle special characters, causing an attacker to be able to cut off a file ending at an earlier position, resulting in a different file type being uploaded than shown in the dialog box. This vulnerability affects Firefox ESR <78.1, Firefox <79, and Thunderbird <78.1.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2020-15659
CVE-Crit: HIGH
CVE-DESC: Mozilla developers and community members reported memory safety bugs present in Firefox 78 and Firefox ESR 78.0. Some of these bugs indicated memory corruption, and we speculate that with enough effort, some of them could be exploited to run arbitrary code. This vulnerability affects Firefox <79, Firefox ESR <68.11, Firefox ESR <78.1, Thunderbird <68.11, and Thunderbird <78.1.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2020-15671
CVE-Crit: LOW
CVE-DESC: When entering a password under certain conditions, a race could occur when InputContext was not correctly set for the input field, resulting in the typed password being stored in the keyboard dictionary. This vulnerability affects Firefox for Android <80.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2020-15670
CVE-Crit: HIGH
CVE-DESC: Mozilla developers reported memory safety errors present in Firefox for Android 79. Some of these bugs indicated memory corruption, and we assume that with enough effort, some of them could be exploited to run arbitrary code. This vulnerability affects Firefox <80, Firefox ESR <78.2, Thunderbird <78.2 and Firefox for Android <80.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2020-15668
CVE-Crit: MEDIUM
CVE-DESC: A lock was missing when accessing a data structure and importing certificate information into the trust database. This vulnerability affects Firefox <80 and Firefox for Android <80.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2020-15674
CVE-Crit: HIGH
CVE-DESC: Mozilla developers reported memory safety errors present in Firefox 80. Some of these bugs indicated memory corruption, and we assume that with enough effort, some of them could be exploited to run arbitrary code. This vulnerability affects Firefox <81.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2020-15675
CVE-Crit: HIGH
CVE-DESC: Surface processing may outlast a persistent buffer's lifetime, resulting in memory corruption and potentially a crash. This vulnerability affects Firefox <81.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2020-15667
CVE-Crit: HIGH
CVE-DESC: When processing a MAR update file after signature verification, an invalid name length can cause a heap overflow, resulting in memory corruption and potentially arbitrary code execution. In Firefox, released by Mozilla, this issue can only be exploited using a Mozilla-managed signature key. This vulnerability affects Firefox <80.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2020-15666
CVE-Crit: MEDIUM
CVE-DESC: When attempting to load a non-video resource in an audio/video context, the exact status code (200, 302, 404, 500, 412, 403, etc.) was disclosed via the MediaError message. This level of information leakage is inconsistent with the standardized error/success disclosure and could lead to inferring the login status of services or to device discovery on the local network, among other attacks. This vulnerability affects Firefox <80 and Firefox for Android <80.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2020-15665
CVE-Crit: MEDIUM
CVE-DESC: Firefox did not reset the address bar after the beforeunload dialog was shown if the user chose to stay on the page. This could result in displaying the wrong URL when used in conjunction with other unexpected browser behavior. This vulnerability affects Firefox <80.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2020-15664
CVE-Crit: MEDIUM
CVE-DESC: By holding a reference to the eval() function from an about:blank window, a malicious web page could access the InstallTrigger object, which would allow it to prompt the user to install an extension. Combined with user confusion, this could lead to the installation of an unintended or malicious extension. This vulnerability affects Firefox <80, Thunderbird <78.2, Thunderbird <68.12, Firefox ESR <68.12, Firefox ESR <78.2 and Firefox for Android <80.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2020-15663
CVE-Crit: HIGH
CVE-DESC: If Firefox is installed in a user-writable directory, the Mozilla service will run updater.exe from the installation location with system privileges. While the Mozilla service does ensure that updater.exe is signed by Mozilla, the version could be rolled back to a previous version, which would allow an older bug to be exploited and arbitrary code to be executed with system privileges. Note: This issue only affected Windows operating systems. Other operating systems are not affected. This vulnerability affects Firefox <80, Thunderbird <78.2, Thunderbird <68.12, Firefox ESR <68.12, and Firefox ESR <78.2.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2020-15680
CVE-Crit: MEDIUM
CVE-DESC: If the image tag references a valid external protocol handler, the size of the resulting corrupted image could be distinguished from the size of the corrupted image of the non-existent protocol handler. This allowed an attacker to successfully verify that an external protocol handler had been registered. This vulnerability affects Firefox <82.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2020-15681
CVE-Crit: HIGH
CVE-DESC: When multiple WASM threads had a reference to a module and were looking up exported functions, one WASM thread could overwrite another thread's entry in a shared stub table, resulting in a potential crash. This vulnerability affects Firefox <82.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2020-15682
CVE-Crit: MEDIUM
CVE-DESC: When an external protocol link was clicked, a prompt was presented that allowed the user to choose in which application to open it. An attacker could cause this prompt to be associated with an origin they did not control, resulting in a spoofing attack. This has been fixed by making external protocol prompts tab-modal and ensuring that they cannot be incorrectly associated with another origin. This vulnerability affects Firefox <82.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2020-15684
CVE-Crit: CRITICAL
CVE-DESC: Mozilla developers reported memory safety errors present in Firefox 81. Some of these bugs indicated memory corruption, and we speculate that with enough effort, some of them could be used to run arbitrary code. This vulnerability affects Firefox <82.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2020-15673
CVE-Crit: HIGH
CVE-DESC: Mozilla developers have reported memory safety bugs present in Firefox 80 and Firefox ESR 78.2. Some of these bugs indicated memory corruption, and we assume that with enough effort, some of them could be used to run arbitrary code. This vulnerability affects Firefox <81, Thunderbird <78.3, and Firefox ESR <78.3.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2020-15676
CVE-Crit: MEDIUM
CVE-DESC: Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditable element. This vulnerability affects Firefox <81, Thunderbird <78.3 and Firefox ESR <78.3.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2020-15677
CVE-Crit: MEDIUM
CVE-DESC: By exploiting an Open Redirect vulnerability in a website, an attacker could spoof the site displayed in the file download dialog box to show the original site (the one suffering from Open Redirect) rather than the site from which the file was actually downloaded. This vulnerability affects Firefox <81, Thunderbird <78.3, and Firefox ESR <78.3.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2020-15678
CVE-Crit: HIGH
CVE-DESC: When recursing through graphical layers while scrolling, an iterator may have become invalid, leading to a potential use-after-free. This is because the APZCTreeManager::ComputeClippedCompositionBounds function did not follow the iterator invalidation rules. This vulnerability affects Firefox <81, Thunderbird <78.3, and Firefox ESR <78.3.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2020-15683
CVE-Crit: CRITICAL
CVE-DESC: Mozilla developers and community members have reported memory safety bugs present in Firefox 81 and Firefox ESR 78.3. Some of these bugs indicated memory corruption, and we assume that with enough effort, some of them could be used to run arbitrary code. This vulnerability affects Firefox ESR <78.4, Firefox <82 and Thunderbird <78.4.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2020-16012
CVE-Crit: MEDIUM
CVE-DESC: A side-channel information leak in Graphics in Google Chrome before version 87.0.4280.66 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2020-26950
CVE-Crit: HIGH
CVE-DESC: Under certain circumstances, the MCallGetProperty opcode can be emitted with unmet assumptions, resulting in an exploitable use-after-free condition. This vulnerability affects Firefox <82.0.3, Firefox ESR <78.4.1, and Thunderbird <78.4.2.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2020-26951
CVE-Crit: MEDIUM
CVE-DESC: A mismatch between parsing and load events in Firefox SVG code could cause load events to be triggered even after sanitization. An attacker already capable of exploiting an XSS vulnerability on privileged internal pages could use this attack to bypass our built-in sanitizer. This vulnerability affects Firefox <83, Firefox ESR <78.5, and Thunderbird <78.5.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2020-26952
CVE-Crit: HIGH
CVE-DESC: Incorrect bookkeeping of functions inlined during JIT compilation could lead to memory corruption and potentially a crash when handling out-of-memory errors. This vulnerability affects Firefox <83.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2020-26953
CVE-Crit: MEDIUM
CVE-DESC: It was possible to force the browser into full-screen mode without displaying the security UI; thus making it possible to attempt a phishing attack or otherwise confuse the user. This vulnerability affects Firefox <83, Firefox ESR <78.5 and Thunderbird <78.5.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2020-26954
CVE-Crit: MEDIUM
CVE-DESC: When accepting a malicious intent from other installed applications, Firefox for Android accepted manifests from arbitrary file paths and allowed web application manifests to be declared for other origins. This could be used to gain full-screen access to spoof the user interface, and could also lead to cross-origin attacks on target websites. Note: This issue only affected Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox <83.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2020-26955
CVE-Crit: MEDIUM
CVE-DESC: When a user downloads a file in Firefox for Android, if a cookie is set, it will be resent during a subsequent file download operation in the same domain, regardless of whether the original and subsequent requests were in private or non-private browsing modes. Note: This issue only affected Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox <83.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2020-26956
CVE-Crit: MEDIUM
CVE-DESC: In some cases, removing HTML elements during sanitization will preserve existing SVG event handlers and therefore lead to XSS. This vulnerability affects Firefox <83, Firefox ESR <78.5 and Thunderbird <78.5.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2020-26957
CVE-Crit: MEDIUM
CVE-DESC: OneCRL did not work in the new Firefox for Android due to lack of service initialization. This may result in the inability to force revocation of some certificates. Note: This issue only affected Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox <83.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2020-26958
CVE-Crit: MEDIUM
CVE-DESC: Firefox did not block the execution of scripts with invalid MIME types when the response was intercepted and cached via ServiceWorker. This could have led to a cross-site script inclusion vulnerability or content security policy bypass. This vulnerability affects Firefox <83, Firefox ESR <78.5 and Thunderbird <78.5.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2020-26959
CVE-Crit: HIGH
CVE-DESC: During browser shutdown, reference decrementing could occur on a previously freed object, resulting in a use-after-free, memory corruption, and potentially a crash. This vulnerability affects Firefox <83, Firefox ESR <78.5, and Thunderbird <78.5.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2020-26960
CVE-Crit: HIGH
CVE-DESC: If the Compact() method was called on an nsTArray, the array could be reallocated without updating other pointers, leading to a potential use-after-free and possible crash. This vulnerability affects Firefox <83, Firefox ESR <78.5, and Thunderbird <78.5.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2020-26961
CVE-Crit: MEDIUM
CVE-DESC: When DNS over HTTPS is used, it intentionally filters RFC1918 and related IP address ranges out of the responses because they are not meaningful coming from the DoH resolver. However, when an IPv4 address was mapped through IPv6, these addresses were erroneously let through, leading to a potential DNS Rebinding attack. This vulnerability affects Firefox <83, Firefox ESR <78.5 and Thunderbird <78.5.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2020-26962
CVE-Crit: MEDIUM
CVE-DESC: Cross-origin iframes containing a login form could have been recognized by the login autofill service and filled in. This could be used in clickjacking attacks, and could also be read across partitions in dynamic first-party isolation. This vulnerability affects Firefox <83.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2020-26963
CVE-Crit: MEDIUM
CVE-DESC: Repeated calls to the history and location APIs could be used to hang the browser. This issue was fixed by enforcing a rate limit for these API calls. This vulnerability affects Firefox <83.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2020-26965
CVE-Crit: MEDIUM
CVE-DESC: Some websites have a “Show Password” feature where pressing a button changes the password field to a textbox field, showing the password entered. If, when using a soft keyboard that remembers user input, a user entered their password and used this feature, the password field type was changed, causing the keyboard layout to change and allowing the soft keyboard to remember the password entered. This vulnerability affects Firefox <83, Firefox ESR <78.5 and Thunderbird <78.5.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2020-26967
CVE-Crit: MEDIUM
CVE-DESC: When listening for page changes with Mutation Observer, a malicious web page can confuse Firefox screenshots by causing them to interact with elements different from the ones it injected into the page. This would lead to internal errors and unexpected behavior of the screenshot code. This vulnerability affects Firefox <83.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2020-26968
CVE-Crit: HIGH
CVE-DESC: Mozilla developers have reported memory safety bugs present in Firefox 82 and Firefox ESR 78.4. Some of these bugs indicated memory corruption, and we assume that with enough effort, some of them could be used to run arbitrary code. This vulnerability affects Firefox <83, Firefox ESR <78.5, and Thunderbird <78.5.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2020-26969
CVE-Crit: HIGH
CVE-DESC: Mozilla developers reported memory safety errors present in Firefox 82. Some of these bugs indicated memory corruption, and we assume that with enough effort, some of them could be exploited to run arbitrary code. This vulnerability affects Firefox <83.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2020-26975
CVE-Crit: MEDIUM
CVE-DESC: When a malicious app installed on a user’s device broadcasts an Intent to Firefox for Android, arbitrary headers could be specified, which could lead to attacks such as ambient authority abuse or session fixation. This has been solved by only allowing certain safe-listed headers. Note: This issue only affected Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox <84.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2020-26977
CVE-Crit: MEDIUM
CVE-DESC: By attempting to connect to a website through a non-responsive port, an attacker could control the content of the tab while the URL bar displayed the original domain. Note: This issue only occurs in Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox <84.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2020-26978
CVE-Crit: MEDIUM
CVE-DESC: Using techniques based on slipstream research, a malicious web page could expose both internal network nodes and services running on the user’s local computer. This vulnerability affects Firefox <84, Thunderbird <78.6, and Firefox ESR <78.6.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2020-26979
CVE-Crit: MEDIUM
CVE-DESC: When a user typed a URL into the address bar or search bar and quickly pressed the enter key, a website could sometimes capture this event and then redirect the user before navigation to the desired entered address occurred. To create a convincing spoof, the attacker would have to guess what the user was typing, possibly suggesting it. This vulnerability affects Firefox <84.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2020-35111
CVE-Crit: MEDIUM
CVE-DESC: When an extension with proxy permission is registered to receive , the proxy.onRequest callback was not triggered for View Source URLs. Although web content cannot go to such URLs, the user who opened View Source could inadvertently pass their IP address. This vulnerability affects Firefox <84, Thunderbird <78.6, and Firefox ESR <78.6.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2020-35113
CVE-Crit: HIGH
CVE-DESC: Mozilla developers reported memory safety bugs present in Firefox 83 and Firefox ESR 78.5. Some of these bugs indicated memory corruption, and we assume that with enough effort, some of them could be used to run arbitrary code. This vulnerability affects Firefox <84, Thunderbird <78.6, and Firefox ESR <78.6.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2020-35114
CVE-Crit: HIGH
CVE-DESC: Mozilla developers reported memory safety errors present in Firefox 83. Some of these bugs indicated memory corruption, and we assume that with enough effort, some of them could be exploited to run arbitrary code. This vulnerability affects Firefox <84.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2020-26971
CVE-Crit: HIGH
CVE-DESC: Some user-supplied blit values were not properly constrained, causing a heap buffer overflow on some video drivers. This vulnerability affects Firefox <84, Thunderbird <78.6, and Firefox ESR <78.6.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2020-26972
CVE-Crit: CRITICAL
CVE-DESC: The IPC actor lifecycle allows managed actors to outlive their managing actors; the former must ensure that they do not attempt to use the dead actor they reference. Such a check was omitted in WebGL, resulting in a use-after-free and potentially a crash. This vulnerability affects Firefox <84.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2020-26973
CVE-Crit: HIGH
CVE-DESC: Certain input to the CSS Sanitizer confused it, causing it to remove incorrect components. This could have been used as a sanitizer bypass. This vulnerability affects Firefox <84, Thunderbird <78.6 and Firefox ESR <78.6.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2020-26974
CVE-Crit: HIGH
CVE-DESC: When flex-basis was used on a table wrapper, the StyleGenericFlexBasis object may have been incorrectly cast to the wrong type. This resulted in a heap use-after-free, memory corruption, and potentially a crash. This vulnerability affects Firefox <84, Thunderbird <78.6, and Firefox ESR <78.6.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2020-26976
CVE-Crit: MEDIUM
CVE-DESC: When HTTPS pages were embedded in an HTTP page and a serviceworker was registered for the former, the serviceworker could intercept the secure page request even though the iframe was not a secure context due to (insecure) framing. This vulnerability affects Firefox <84.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2020-6829
CVE-Crit: MEDIUM
CVE-DESC: The wNAF point multiplication algorithm was used when performing EC scalar point multiplication; this leaked partial information about the nonce used in signature generation. Given an electromagnetic trace of a few signature generations, it was possible to compute the private key. This vulnerability affects Firefox <80 and Firefox for Android <80.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2021-23953
CVE-Crit: MEDIUM
CVE-DESC: If a user clicked into a specially crafted PDF file, the PDF reader could be confused into leaking cross-origin information when said information is served as chunked data. This vulnerability affects Firefox <85, Thunderbird <78.7, and Firefox ESR <78.7.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2021-23954
CVE-Crit: HIGH
CVE-DESC: The use of the new logical assignment operators in a JavaScript switch statement could cause type confusion, resulting in memory corruption and potentially a crash. This vulnerability affects Firefox <85, Thunderbird <78.7, and Firefox ESR <78.7.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2021-23955
CVE-Crit: MEDIUM
CVE-DESC: The browser could be confused into transferring a pointer lock state to another tab, which could lead to clickjacking attacks. This vulnerability affects Firefox <85.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2021-23956
CVE-Crit: MEDIUM
CVE-DESC: The ambiguous design of the file picker could confuse users who intended to select and upload a single file into uploading an entire directory. This issue was fixed by adding a new prompt. This vulnerability affects Firefox <85.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2021-23957
CVE-Crit: HIGH
CVE-DESC: Navigations through the Android-specific intent URL scheme could have been misused to escape the iframe sandbox. Note: This issue only affected Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox <85.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2021-23958
CVE-Crit: MEDIUM
CVE-DESC: The browser could be confused into transferring a screen sharing state to another tab, which could leak unintended information. This vulnerability affects Firefox <85.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2021-23959
CVE-Crit: MEDIUM
CVE-DESC: An XSS bug in internal error pages could lead to various spoofing attacks, including of other error pages and the address bar. Note: This issue only affected Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox <85.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2021-23960
CVE-Crit: HIGH
CVE-DESC: Garbage collection for re-declared JavaScript variables resulted in a use-after-poison and a potential crash. This vulnerability affects Firefox <85, Thunderbird <78.7, and Firefox ESR <78.7.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2021-23961
CVE-Crit: HIGH
CVE-DESC: Further techniques based on the slipstream research, combined with a malicious web page, could reveal both hosts on the internal network and services running on the user’s local computer. This vulnerability affects Firefox <85.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2021-23962
CVE-Crit: HIGH
CVE-DESC: Misuse of the “” method could lead to a use-after-poison and potentially a crash. This vulnerability affects Firefox <85.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2021-23963
CVE-Crit: MEDIUM
CVE-DESC: When sharing geolocation while WebRTC sharing is active, Firefox could reset the WebRTC sharing state in the user interface, resulting in a loss of control over the currently granted permission. This vulnerability affects Firefox <85.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2021-23964
CVE-Crit: HIGH
CVE-DESC: Mozilla developers reported memory safety bugs present in Firefox 84 and Firefox ESR 78.6. Some of these bugs indicated memory corruption, and we assume that with enough effort, some of them could be used to run arbitrary code. This vulnerability affects Firefox <85, Thunderbird <78.7, and Firefox ESR <78.7.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2021-23965
CVE-Crit: HIGH
CVE-DESC: Mozilla developers reported memory safety errors present in Firefox 84. Some of these bugs indicated memory corruption, and we speculate that with enough effort, some of them could be exploited to run arbitrary code. This vulnerability affects Firefox <85.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2021-23968
CVE-Crit: MEDIUM
CVE-DESC: If the content security policy blocked frame navigation, the full destination of the redirect served in the frame was reported in the violation report, as opposed to the original frame URI. This could be exploited to leak sensitive information contained in such URIs. This vulnerability affects Firefox <86, Thunderbird <78.8, and Firefox ESR <78.8.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2021-23969
CVE-Crit: MEDIUM
CVE-DESC: As stated in the W3C Content Security Policy Draft, when creating a violation report, “user agents should ensure that the source file is the URL requested by the page performing the pre-rendering. If this is not possible, user agents should shorten the URL to the source to avoid inadvertent leakage.” For certain types of redirects, Firefox incorrectly set the source file as the redirect destination. This has been fixed to be the source of the redirection destination. This vulnerability affects Firefox <86, Thunderbird <78.8, and Firefox ESR <78.8.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2021-23970
CVE-Crit: MEDIUM
CVE-DESC: Context-sensitive code was included in a generic jump table, which triggers assertions in multi-threaded wasm code. This vulnerability affects Firefox <86.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2021-23971
CVE-Crit: MEDIUM
CVE-DESC: When processing a redirect with a conflicting referrer policy, Firefox would accept the redirect’s referrer policy. This could potentially result in more information being provided to the redirect recipient than intended by the original source. This vulnerability affects Firefox <86.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2021-23972
CVE-Crit: HIGH
CVE-DESC: One of the online phishing tactics is to provide a link with HTTP authentication. For example, https://[email protected]. To mitigate this type of attack, Firefox will display a warning dialog box; however, this warning dialog box would not be displayed if evil.com used a redirect cached by the browser. This vulnerability affects Firefox <86.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2021-23973
CVE-Crit: MEDIUM
CVE-DESC: A decoding error could occur when attempting to load a cross-origin resource in an audio/video context, and the contents of this error could reveal information about the resource. This vulnerability affects Firefox <86, Thunderbird <78.8 and Firefox ESR <78.8.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2021-23974
CVE-Crit: MEDIUM
CVE-DESC: The DOMParser API incorrectly handled elements for escaping. It can be used as an mXSS vector to bypass the HTML cleanup tool. This vulnerability affects Firefox <86.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2021-23975
CVE-Crit: MEDIUM
CVE-DESC: There is a measure function on the about:memory developer page that lets you know what types of objects the browser has allocated and their sizes. When this function was called, we incorrectly called the sizeof function instead of using an API method that checks for invalid pointers. This vulnerability affects Firefox <86.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2021-23976
CVE-Crit: HIGH
CVE-DESC: When accepting malicious intent from other installed applications, Firefox for Android accepted manifests from arbitrary file paths and allowed web application manifests to be declared for other sources. This could be used to gain full-screen access for UI spoofing, and could also lead to multi-source attacks on target websites. Note: this issue is different from CVE-2020-26954 and only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox <86.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2021-23977
CVE-Crit: MEDIUM
CVE-DESC: Firefox for Android suffers from a “time-of-check to time-of-use” vulnerability that allows a malicious app to read sensitive data from app directories. Note: this issue only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox <86.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2021-23978
CVE-Crit: HIGH
CVE-DESC: Mozilla developers reported memory security bugs present in Firefox 85 and Firefox ESR 78.7. Some of these bugs indicated memory corruption, and we assume that with enough effort, some of them could be used to run arbitrary code. This vulnerability affects Firefox <86, Thunderbird <78.8, and Firefox ESR <78.8.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2021-23979
CVE-Crit: HIGH
CVE-DESC: Mozilla developers reported memory safety errors present in Firefox 85. Some of these bugs indicated memory corruption, and we speculate that with enough effort, some of them could be exploited to run arbitrary code. This vulnerability affects Firefox <86.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2021-23981
CVE-Crit: HIGH
CVE-DESC: Loading a pixel buffer object texture could confuse WebGL code by missing the binding of the buffer used to decompress it, resulting in memory corruption and a potential information leak or crash. This vulnerability affects Firefox ESR <78.9, Thunderbird <78.9 and Firefox <87.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2021-23982
CVE-Crit: MEDIUM
CVE-DESC: Using techniques based on slipstream research, a malicious web page could scan both hosts on the internal network and services running on the user’s local computer using WebRTC connections. This vulnerability affects Firefox ESR <78.9, Thunderbird <78.9 and Firefox <87.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2021-23983
CVE-Crit: MEDIUM
CVE-DESC: By causing a transition on the parent node by removing a CSS rule, an invalid property for the token could have been applied, resulting in memory corruption and potentially crashing. This vulnerability affects Firefox <87.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2021-23984
CVE-Crit: MEDIUM
CVE-DESC: A malicious extension could open a popup window without an address bar. The title of a popup without an address bar shouldn’t be completely controllable, but in this situation it was. This could have been used to spoof a website and attempt to trick the user into providing credentials. This vulnerability affects Firefox ESR <78.9, Thunderbird <78.9 and Firefox <87.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2021-23985
CVE-Crit: MEDIUM
CVE-DESC: If an attacker could change certain values of about:config (e.g. malware running on the user’s computer), the Devtools remote debugging feature could be enabled in a way that is invisible to the user. This would allow a remote attacker (able to establish a direct network connection to the victim) to monitor the user’s browser activity and network traffic (plaintext). This was resolved by providing a visual cue when Devtools has an open network socket. This vulnerability affects Firefox <87.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2021-23986
CVE-Crit: MEDIUM
CVE-DESC: A malicious extension with “search” permission could have installed a new search engine whose icon referenced a URL from different sources. The response to this cross-origin request could have been read by the extension, circumventing the same-origin policy for an extension that should not have cross-origin permissions. This cross-origin request was made without cookies, so the sensitive information exposed by the breach was limited to local network resources or resources that perform IP-based authentication. This vulnerability affects Firefox <87.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2021-23987
CVE-Crit: HIGH
CVE-DESC: Mozilla developers and community members have reported memory security bugs present in Firefox 86 and Firefox ESR 78.8. Some of these bugs indicated memory corruption, and we assume that with enough effort, some of them could be used to run arbitrary code. This vulnerability affects Firefox ESR <78.9, Thunderbird <78.9 and Firefox <87.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2021-23988
CVE-Crit: HIGH
CVE-DESC: Mozilla developers reported memory safety errors present in Firefox 86. Some of these bugs indicated memory corruption, and we hypothesize that with enough effort, some of them could be exploited to run arbitrary code. This vulnerability affects Firefox <87.
CVE-STATUS: default
CVE-REV: default

OS      Version  Architecture  Package  Version   Filename
Cobalt  any      noarch        firefox  < 78.5.0  UNKNOWN
