CVE-2020-15673 – Mozilla: Memory safety bugs fixed in Firefox 81 and Firefox ESR 78.3
https://notcve.org/view.php?id=CVE-2020-15673
Mozilla developers reported memory safety bugs present in Firefox 80 and Firefox ESR 78.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firefox ESR < 78.3. Los desarrolladores de Mozilla reportaron unos bugs de seguridad de la memoria presentes en Firefox versión 80 y Firefox ESR versión 78.2. Algunos de estos bugs han mostrado evidencia de corrupción de la memoria y suponemos que con suficiente esfuerzo algunos de ellos podrían haber sido explotados para ejecutar código arbitrario. • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00074.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00077.html https://bugzilla.mozilla.org/buglist.cgi?bug_id=1648493%2C1660800 https://lists.debian.org/debian-lts-announce/2020/10/msg00020.html https://security.gentoo.org/glsa/202010-02 https://www.debian.org/security/2020/dsa-4770 https://www.mozilla.org/security/advisories/mfsa2020-42 https://www.mozilla.org/security/advisories/mfsa2020-43 https:/ • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-416: Use After Free •
CVE-2020-15669 – Mozilla: Use-After-Free when aborting an operation
https://notcve.org/view.php?id=CVE-2020-15669
When aborting an operation, such as a fetch, an abort signal may be deleted while alerting the objects to be notified. This results in a use-after-free and we presume that with enough effort it could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.12 and Thunderbird < 68.12. Cuando se anula una operación, como una recuperación, puede ser eliminada una señal de cancelación mientras se alerta a los objetos que deben ser notificados. Esto resulta en un uso de la memoria previamente liberada y suponemos que con suficiente esfuerzo podría haber sido explotado para ejecutar código arbitrario. • https://bugzilla.mozilla.org/show_bug.cgi?id=1656957 https://www.mozilla.org/security/advisories/mfsa2020-37 https://www.mozilla.org/security/advisories/mfsa2020-40 https://access.redhat.com/security/cve/CVE-2020-15669 https://bugzilla.redhat.com/show_bug.cgi?id=1872532 • CWE-416: Use After Free •
CVE-2020-15664 – Mozilla: Attacker-induced prompt for extension installation
https://notcve.org/view.php?id=CVE-2020-15664
By holding a reference to the eval() function from an about:blank window, a malicious webpage could have gained access to the InstallTrigger object which would allow them to prompt the user to install an extension. Combined with user confusion, this could result in an unintended or malicious extension being installed. This vulnerability affects Firefox < 80, Thunderbird < 78.2, Thunderbird < 68.12, Firefox ESR < 68.12, Firefox ESR < 78.2, and Firefox for Android < 80. Al mantener una referencia a la función eval() desde una ventana about:blank, una página web maliciosa podría haber conseguido acceso al objeto InstallTrigger, lo que le permitiría solicitar al usuario que instale una extensión. Combinado con la confusión del usuario, esto podría resultar en la instalación de una extensión maliciosa o involuntaria. • https://bugzilla.mozilla.org/show_bug.cgi?id=1658214 https://www.mozilla.org/security/advisories/mfsa2020-36 https://www.mozilla.org/security/advisories/mfsa2020-37 https://www.mozilla.org/security/advisories/mfsa2020-38 https://www.mozilla.org/security/advisories/mfsa2020-39 https://www.mozilla.org/security/advisories/mfsa2020-40 https://www.mozilla.org/security/advisories/mfsa2020-41 https://access.redhat.com/security/cve/CVE-2020-15664 https://bugzilla.redhat.com/show_bug.cgi?id=1872 • CWE-648: Incorrect Use of Privileged APIs CWE-863: Incorrect Authorization •
CVE-2020-15648 – Mozilla: X-Frame-Options bypass using object or embed tags
https://notcve.org/view.php?id=CVE-2020-15648
Using object or embed tags, it was possible to frame other websites, even if they disallowed framing using the X-Frame-Options header. This vulnerability affects Thunderbird < 78 and Firefox < 78.0.2. Usando objetos o etiquetas insertadas, fue posible enmarcar otros sitios web, incluso si no permitían el encuadre usando el encabezado X-Frame-Options. Esta vulnerabilidad afecta a Thunderbird versiones anteriores a 78 y Firefox versiones anteriores a 78.0.2 • https://bugzilla.mozilla.org/show_bug.cgi?id=1644076 https://www.mozilla.org/security/advisories/mfsa2020-28 https://www.mozilla.org/security/advisories/mfsa2020-29 https://access.redhat.com/security/cve/CVE-2020-15648 https://bugzilla.redhat.com/show_bug.cgi?id=1872537 • CWE-451: User Interface (UI) Misrepresentation of Critical Information CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVE-2020-15658 – Mozilla: Overriding file type when saving to disk
https://notcve.org/view.php?id=CVE-2020-15658
The code for downloading files did not properly take care of special characters, which led to an attacker being able to cut off the file ending at an earlier position, leading to a different file type being downloaded than shown in the dialog. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1. El código para descargar archivos no toma cuidado apropiadamente de los caracteres especiales, lo que conllevaba a que un atacante sea capaz de cortar el archivo que terminaba en una posición anterior, conllevando a que sea descargado un tipo de archivo diferente al mostrado en el cuadro de diálogo. Esta vulnerabilidad afecta a Firefox ESR versiones anteriores a 78.1, Firefox versiones anteriores a 79 y Thunderbird versiones anteriores a 78.1 • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00025.html https://bugzilla.mozilla.org/show_bug.cgi?id=1637745 https://usn.ubuntu.com/4443-1 https://www.mozilla.org/security/advisories/mfsa2020-30 https://www.mozilla.org/security/advisories/mfsa2020-32 https://www.mozilla.org/security/advisories/mfsa2020-33 https://access.redhat.com/security/cve/CVE-2020-15658 https://bugzilla.redhat.com/show_bug.cgi?id=1861647 • CWE-138: Improper Neutralization of Special Elements CWE-754: Improper Check for Unusual or Exceptional Conditions •