CVE-2020-26968 – Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5
https://notcve.org/view.php?id=CVE-2020-26968
Mozilla developers reported memory safety bugs present in Firefox 82 and Firefox ESR 78.4. ... This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5. Los desarrolladores de Mozilla reportaron bugs de seguridad de la memoria presentes en Firefox versión 82 y Firefox ESR versión 78.4....  Esta vulnerabilidad afecta a Firefox versiones anteriores a 83, Firefox ESR versiones anteriores a 78,5 y Thunderbird versiones anteriores a 78,5 • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1551615%2C1607762%2C1656697%2C1657739%2C1660236%2C1667912%2C1671479%2C1671923 https://www.mozilla.org/security/advisories/mfsa2020-50 https://www.mozilla.org/security/advisories/mfsa2020-51 https://www.mozilla.org/security/advisories/mfsa2020-52 https://access.redhat.com/security/cve/CVE-2020-26968 https://bugzilla.redhat.com/show_bug.cgi?id=1898741 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVE-2020-26950 – Mozilla: Write side effects in MCallGetProperty opcode not accounted for
https://notcve.org/view.php?id=CVE-2020-26950
This vulnerability affects Firefox < 82.0.3, Firefox ESR < 78.4.1, and Thunderbird < 78.4.2. ... Esta vulnerabilidad afecta a Firefox versiones anteriores a 82.0.3, Firefox ESR versiones anteriores a 78.4.1, y Thunderbird versiones anteriores a 78.4.2 • http://packetstormsecurity.com/files/166175/Firefox-MCallGetProperty-Write-Side-Effects-Use-After-Free.html https://bugzilla.mozilla.org/show_bug.cgi?... id=1896306 https://www.mozilla.org/en-US/security/advisories/mfsa2020-49/#CVE-2020-26950 https://www.sentinelone.com/labs/firefox-jit-use-after-frees-exploiting-cve-2020-26950 • CWE-416: Use After Free •
CVE-2020-15684
https://notcve.org/view.php?id=CVE-2020-15684
Mozilla developers reported memory safety bugs present in Firefox 81. ... This vulnerability affects Firefox < 82. Los desarrolladores de Mozilla informaron bugs de seguridad de la memoria presentes en Firefox versión 81. ...  Esta vulnerabilidad afecta a Firefox versiones anteriores a 82 • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1653764%2C1661402%2C1662259%2C1664257 https://www.mozilla.org/security/advisories/mfsa2020-45 • CWE-416: Use After Free •
CVE-2020-15683 – Mozilla: Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4
https://notcve.org/view.php?id=CVE-2020-15683
Mozilla developers and community members reported memory safety bugs present in Firefox 81 and Firefox ESR 78.3. ... This vulnerability affects Firefox ESR < 78.4, Firefox < 82, and Thunderbird < 78.4. Los desarrolladores de Mozilla y los miembros de la comunidad informaron bugs de seguridad de la memoria presentes en Firefox versión 81 y Firefox ESR versión 78.3....  Esta vulnerabilidad afecta a Firefox ESR versiones anteriores a 78,4, Firefox versiones anteriores a 82 y Thunderbird versiones anteriores a 78,4 • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00057.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00062.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00074.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00077.html https://bugzilla.mozilla.org/buglist.cgi?bug_id=1576843%2C1656987%2C1660954%2C1662760%2C1663439%2C1666140 https://lists.debian.org/debian-lts-announce/2020/10/msg00027.html https://security.gentoo.org/glsa/202010 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-416: Use After Free CWE-787: Out-of-bounds Write •
CVE-2020-15663
https://notcve.org/view.php?id=CVE-2020-15663
If Firefox is installed to a user-writable directory, the Mozilla Maintenance Service would execute updater.exe from the install location with system privileges. ... This vulnerability affects Firefox < 80, Thunderbird < 78.2, Thunderbird < 68.12, Firefox ESR < 68.12, and Firefox ESR < 78.2. Si Firefox está instalado en un directorio escribible por el usuario, el Servicio de Mantenimiento de Mozilla ejecutará el archivo updater.exe desde la ubicación de instalación con privilegios del sistema....  Esta vulnerabilidad afecta a Firefox versiones anteriores a 80, Thunderbird versiones anteriores a 78.2, Thunderbird versiones anteriores a 68.12, Firefox ESR versiones anteriores a 68.12 y Firefox ESR versiones anteriores a 78.2 • https://bugzilla.mozilla.org/show_bug.cgi?id=1643199 https://www.mozilla.org/security/advisories/mfsa2020-36 https://www.mozilla.org/security/advisories/mfsa2020-37 https://www.mozilla.org/security/advisories/mfsa2020-38 https://www.mozilla.org/security/advisories/mfsa2020-40 https://www.mozilla.org/security/advisories/mfsa2020-41 • CWE-427: Uncontrolled Search Path Element •