CVE-2020-26961 – Mozilla: DoH did not filter IPv4 mapped IP Addresses
https://notcve.org/view.php?id=CVE-2020-26961
When DNS over HTTPS is in use, it intentionally filters RFC1918 and related IP ranges from the responses as these do not make sense coming from a DoH resolver. However when an IPv4 address was mapped through IPv6, these addresses were erroneously let through, leading to a potential DNS Rebinding attack. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5. Cuando un DNS sobre HTTPS está en uso, intencionalmente filtra el RFC1918 y los rangos de IP relacionados con las respuestas, ya que no tiene sentido al venir de un resolutor de DoH. Sin embargo, cuando una dirección IPv4 fue mapeada por medio de IPv6, estas direcciones fueron dejadas pasar erróneamente, conllevando a un potencial ataque de DNS Rebinding. • https://bugzilla.mozilla.org/show_bug.cgi?id=1672528 https://www.mozilla.org/security/advisories/mfsa2020-50 https://www.mozilla.org/security/advisories/mfsa2020-51 https://www.mozilla.org/security/advisories/mfsa2020-52 https://access.redhat.com/security/cve/CVE-2020-26961 https://bugzilla.redhat.com/show_bug.cgi?id=1898738 • CWE-358: Improperly Implemented Security Check for Standard •
CVE-2020-26950 – Mozilla: Write side effects in MCallGetProperty opcode not accounted for
https://notcve.org/view.php?id=CVE-2020-26950
In certain circumstances, the MCallGetProperty opcode can be emitted with unmet assumptions resulting in an exploitable use-after-free condition. This vulnerability affects Firefox < 82.0.3, Firefox ESR < 78.4.1, and Thunderbird < 78.4.2. En determinadas circunstancias, el opcode MCallGetProperty puede ser emitido con suposiciones no cumplidas, resultando en una condición de uso de la memoria previamente liberada explotable. Esta vulnerabilidad afecta a Firefox versiones anteriores a 82.0.3, Firefox ESR versiones anteriores a 78.4.1, y Thunderbird versiones anteriores a 78.4.2 • http://packetstormsecurity.com/files/166175/Firefox-MCallGetProperty-Write-Side-Effects-Use-After-Free.html https://bugzilla.mozilla.org/show_bug.cgi?id=1675905 https://www.mozilla.org/security/advisories/mfsa2020-49 https://access.redhat.com/security/cve/CVE-2020-26950 https://bugzilla.redhat.com/show_bug.cgi?id=1896306 https://www.mozilla.org/en-US/security/advisories/mfsa2020-49/#CVE-2020-26950 https://www.sentinelone.com/labs/firefox-jit-use-after-frees-exploiting-cve-2020-26950 • CWE-416: Use After Free •
CVE-2020-15683 – Mozilla: Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4
https://notcve.org/view.php?id=CVE-2020-15683
Mozilla developers and community members reported memory safety bugs present in Firefox 81 and Firefox ESR 78.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.4, Firefox < 82, and Thunderbird < 78.4. Los desarrolladores de Mozilla y los miembros de la comunidad informaron bugs de seguridad de la memoria presentes en Firefox versión 81 y Firefox ESR versión 78.3. Algunos de estos bugs mostraron evidencia de corrupción de la memoria y suponemos que con suficiente esfuerzo algunos de ellos podrían haber sido explotados para ejecutar código arbitrario. • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00057.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00062.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00074.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00077.html https://bugzilla.mozilla.org/buglist.cgi?bug_id=1576843%2C1656987%2C1660954%2C1662760%2C1663439%2C1666140 https://lists.debian.org/debian-lts-announce/2020/10/msg00027.html https://security.gentoo.org/glsa/202010 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-416: Use After Free CWE-787: Out-of-bounds Write •
CVE-2020-15663
https://notcve.org/view.php?id=CVE-2020-15663
If Firefox is installed to a user-writable directory, the Mozilla Maintenance Service would execute updater.exe from the install location with system privileges. Although the Mozilla Maintenance Service does ensure that updater.exe is signed by Mozilla, the version could have been rolled back to a previous version which would have allowed exploitation of an older bug and arbitrary code execution with System Privileges. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects Firefox < 80, Thunderbird < 78.2, Thunderbird < 68.12, Firefox ESR < 68.12, and Firefox ESR < 78.2. • https://bugzilla.mozilla.org/show_bug.cgi?id=1643199 https://www.mozilla.org/security/advisories/mfsa2020-36 https://www.mozilla.org/security/advisories/mfsa2020-37 https://www.mozilla.org/security/advisories/mfsa2020-38 https://www.mozilla.org/security/advisories/mfsa2020-40 https://www.mozilla.org/security/advisories/mfsa2020-41 • CWE-427: Uncontrolled Search Path Element •
CVE-2020-15670
https://notcve.org/view.php?id=CVE-2020-15670
Mozilla developers reported memory safety bugs present in Firefox for Android 79. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 80, Firefox ESR < 78.2, Thunderbird < 78.2, and Firefox for Android < 80. Los desarrolladores de Mozilla reportaron de unos bugs de seguridad de la memoria presentes en Firefox para Android versión 79. Algunos de estos bugs han mostrado evidencia de corrupción de la memoria y suponemos que con suficiente esfuerzo algunos de ellos podrían haber sido explotados para ejecutar código arbitrario. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1651001%2C1653626%2C1656957 https://www.mozilla.org/security/advisories/mfsa2020-36 https://www.mozilla.org/security/advisories/mfsa2020-38 https://www.mozilla.org/security/advisories/mfsa2020-39 https://www.mozilla.org/security/advisories/mfsa2020-41 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free CWE-617: Reachable Assertion •