CVSS: 10.0EPSS: 1%CPEs: 3EXPL: 0CVE-2020-12388 – Firefox Default Content Process DACL Sandbox Escape
https://notcve.org/view.php?id=CVE-2020-12388
The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox escape. *Note: this issue only affects Firefox on Windows operating systems.*. This vulnerability affects Firefox ESR < 68.8 and Firefox < 76. ... *Nota: este problema solo afecta a Firefox en los sistemas operativos Windows.*. Esta vulnerabilidad afecta a Firefox ESR versiones anteriores a 68.8 y Firefox versiones anteriores a 76. • http://packetstormsecurity.com/files/157860/Firefox-Default-Content-Process-DACL-Sandbox-Escape.html https://bugzilla.mozilla.org/show_bug.cgi? • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2020-12389
https://notcve.org/view.php?id=CVE-2020-12389
The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox escape. *Note: this issue only affects Firefox on Windows operating systems.*. This vulnerability affects Firefox ESR < 68.8 and Firefox < 76. ... *Nota: este problema solo afecta a Firefox en los sistemas operativos Windows.*. Esta vulnerabilidad afecta a Firefox ESR versiones anteriores a 68.8 y Firefox versiones anteriores a 76. • https://bugzilla.mozilla.org/show_bug.cgi?id=1554110 https://www.mozilla.org/security/advisories/mfsa2020-16 https://www.mozilla.org/security/advisories/mfsa2020-17 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-12390
https://notcve.org/view.php?id=CVE-2020-12390
This vulnerability affects Firefox < 76. ... Esta vulnerabilidad afecta a Firefox versiones anteriores a 76. • https://bugzilla.mozilla.org/show_bug.cgi?id=1141959 https://www.mozilla.org/security/advisories/mfsa2020-16 • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-12396
https://notcve.org/view.php?id=CVE-2020-12396
Mozilla developers and community members reported memory safety bugs present in Firefox 75. ... This vulnerability affects Firefox < 76. Los desarrolladores de Mozilla y los miembros de la comunidad informaron bugs de seguridad de la memoria presentes en Firefox versión 75. ... Esta vulnerabilidad afecta a Firefox versiones anteriores a 76. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1339601%2C1611938%2C1620488%2C1622291%2C1627644 https://security.gentoo.org/glsa/202005-04 https://www.mozilla.org/security/advisories/mfsa2020-16 • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 7EXPL: 0CVE-2020-12395 – Mozilla: Memory safety bugs fixed in Firefox 76 and Firefox ESR 68.8
https://notcve.org/view.php?id=CVE-2020-12395
Mozilla developers and community members reported memory safety bugs present in Firefox 75 and Firefox ESR 68.7. ... This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0. Los desarrolladores de Mozilla y los miembros de la comunidad informaron bugs de seguridad de la memoria presentes en Firefox versión 75 y Firefox ESR versión 68.7. ... Esta vulnerabilidad afecta a Firefox ESR versiones anteriores a 68.8, Firefox versiones anteriores a 76 y Thunderbird versiones anteriores a 68.8.0. Memory safety flaws were found in Mozilla Firefox and Thunderbird. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1595886%2C1611482%2C1614704%2C1624098%2C1625749%2C1626382%2C1628076%2C1631508 https://security.gentoo.org/glsa/202005-03 https://security.gentoo.org/glsa/202005-04 https://usn.ubuntu.com/4373-1 https://www.mozilla.org/security/advisories/mfsa2020-16 https://www.mozilla.org/security/advisories/mfsa2020-17 https://www.mozilla.org/security/advisories/mfsa2020-18 https://access.redhat.com/security/cve/CVE-2020-12395 https://bugzilla.redhat.com/show • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •