CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-6815
https://notcve.org/view.php?id=CVE-2020-6815
Mozilla developers reported memory safety and script safety bugs present in Firefox 73. Some of these bugs showed evidence of memory corruption or escalation of privilege and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 74. Los desarrolladores de Mozilla reportaron bugs de seguridad de la memoria y seguridad de scripts presentes en Firefox versión 73. Algunos de estos bugs mostraron evidencia de corrupción de la memoria o escalada de privilegios y presumimos que con un esfuerzo suficiente algunos de estos podrían haber sido explotados para ejecutar código arbitrario. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1181957%2C1557732%2C1557739%2C1611457%2C1612431 https://www.mozilla.org/security/advisories/mfsa2020-08 • CWE-787: Out-of-bounds Write •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2020-6812 – Mozilla: The names of AirPods with personally identifiable information were exposed to websites with camera or microphone permission
https://notcve.org/view.php?id=CVE-2020-6812
The first time AirPods are connected to an iPhone, they become named after the user's name by default (e.g. Jane Doe's AirPods.) Websites with camera or microphone permission are able to enumerate device names, disclosing the user's name. To resolve this issue, Firefox added a special case that renames devices containing the substring 'AirPods' to simply 'AirPods'. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6. • https://bugzilla.mozilla.org/show_bug.cgi?id=1616661 https://usn.ubuntu.com/4328-1 https://usn.ubuntu.com/4335-1 https://www.mozilla.org/security/advisories/mfsa2020-08 https://www.mozilla.org/security/advisories/mfsa2020-09 https://www.mozilla.org/security/advisories/mfsa2020-10 https://access.redhat.com/security/cve/CVE-2020-6812 https://bugzilla.redhat.com/show_bug.cgi?id=1812204 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-6810
https://notcve.org/view.php?id=CVE-2020-6810
After a website had entered fullscreen mode, it could have used a previously opened popup to obscure the notification that indicates the browser is in fullscreen mode. Combined with spoofing the browser chrome, this could have led to confusing the user about the current origin of the page and credential theft or other attacks. This vulnerability affects Firefox < 74. Después de que un sitio web ingresó al modo de pantalla completa, podría haber usado una ventana emergente aperturada previamente para ocultar la notificación que indica que el navegador está en modo de pantalla completa. Combinado con la suplantación del navegador Chrome, esto podría haber conllevado a confundir al usuario acerca del origen actual de la página y el robo de credenciales u otros ataques. • https://bugzilla.mozilla.org/show_bug.cgi?id=1432856 https://www.mozilla.org/security/advisories/mfsa2020-08 • CWE-290: Authentication Bypass by Spoofing •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-6808
https://notcve.org/view.php?id=CVE-2020-6808
When a JavaScript URL (javascript:) is evaluated and the result is a string, this string is parsed to create an HTML document, which is then presented. Previously, this document's URL (as reported by the document.location property, for example) was the originating javascript: URL which could lead to spoofing attacks; it is now correctly the URL of the originating document. This vulnerability affects Firefox < 74. Cuando una JavaScript URL (javascript:) es evaluada y el resultado es una cadena, esta cadena es analizada para crear un documento HTML, que luego es presentado. Anteriormente, la URL de este documento (según lo reportado por la propiedad document.location, por ejemplo) era el URL javascript: de origen que podría conllevar a ataques de suplantación de identidad; ahora es correctamente la URL del documento de origen. • https://bugzilla.mozilla.org/show_bug.cgi?id=1247968 https://www.mozilla.org/security/advisories/mfsa2020-08 • CWE-290: Authentication Bypass by Spoofing •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-6801
https://notcve.org/view.php?id=CVE-2020-6801
Mozilla developers reported memory safety bugs present in Firefox 72. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 73. Los desarrolladores de Mozilla han reportado bugs de seguridad de la memoria presentes en Firefox versión 72. Algunos de estos bugs mostraron evidencias de corrupción de memoria y presumimos que con esfuerzo suficiente algunos de ellos podrían haber sido explotados para ejecutar código arbitrario. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1601024%2C1601712%2C1604836%2C1606492 https://usn.ubuntu.com/4278-2 https://www.mozilla.org/security/advisories/mfsa2020-05 • CWE-787: Out-of-bounds Write •