CVE-2020-26961 – Mozilla: DoH did not filter IPv4 mapped IP Addresses
https://notcve.org/view.php?id=CVE-2020-26961
When DNS over HTTPS is in use, it intentionally filters RFC1918 and related IP ranges from the responses, as these do not make sense coming from a DoH resolver. However, when an IPv4 address was mapped through IPv6, these addresses were erroneously let through, leading to a potential DNS Rebinding attack. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.
• https://bugzilla.mozilla.org/show_bug.cgi?id=1672528
• https://www.mozilla.org/security/advisories/mfsa2020-50
• https://www.mozilla.org/security/advisories/mfsa2020-51
• https://www.mozilla.org/security/advisories/mfsa2020-52
• https://access.redhat.com/security/cve/CVE-2020-26961
• https://bugzilla.redhat.com/show_bug.cgi?id=1898738
• CWE-358: Improperly Implemented Security Check for Standard
CVE-2020-26950 – Mozilla: Write side effects in MCallGetProperty opcode not accounted for
https://notcve.org/view.php?id=CVE-2020-26950
In certain circumstances, the MCallGetProperty opcode can be emitted with unmet assumptions resulting in an exploitable use-after-free condition. This vulnerability affects Firefox < 82.0.3, Firefox ESR < 78.4.1, and Thunderbird < 78.4.2.
• http://packetstormsecurity.com/files/166175/Firefox-MCallGetProperty-Write-Side-Effects-Use-After-Free.html
• https://bugzilla.mozilla.org/show_bug.cgi?id=1675905
• https://www.mozilla.org/security/advisories/mfsa2020-49
• https://access.redhat.com/security/cve/CVE-2020-26950
• https://bugzilla.redhat.com/show_bug.cgi?id=1896306
• https://www.mozilla.org/en-US/security/advisories/mfsa2020-49/#CVE-2020-26950
• https://www.sentinelone.com/labs/firefox-jit-use-after-frees-exploiting-cve-2020-26950
• CWE-416: Use After Free
CVE-2020-15680
https://notcve.org/view.php?id=CVE-2020-15680
If a valid external protocol handler was referenced in an image tag, the resulting broken image size could be distinguished from a broken image size of a non-existent protocol handler. This allowed an attacker to successfully probe whether an external protocol handler was registered. This vulnerability affects Firefox < 82.
• https://bugzilla.mozilla.org/show_bug.cgi?id=1658881
• https://www.mozilla.org/security/advisories/mfsa2020-45
CVE-2020-15681
https://notcve.org/view.php?id=CVE-2020-15681
When multiple WASM threads had a reference to a module, and were looking up exported functions, one WASM thread could have overwritten another's entry in a shared stub table, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 82.
• https://bugzilla.mozilla.org/show_bug.cgi?id=1666568
• https://www.mozilla.org/security/advisories/mfsa2020-45
CVE-2020-15682
https://notcve.org/view.php?id=CVE-2020-15682
When a link to an external protocol was clicked, a prompt was presented that allowed the user to choose what application to open it in. An attacker could induce that prompt to be associated with an origin they didn't control, resulting in a spoofing attack. This was fixed by changing external protocol prompts to be tab-modal while also ensuring they could not be incorrectly associated with a different origin. This vulnerability affects Firefox < 82.
• https://bugzilla.mozilla.org/show_bug.cgi?id=1636654
• https://www.mozilla.org/security/advisories/mfsa2020-45
• CWE-346: Origin Validation Error