CVSS: 9.3EPSS: 0%CPEs: 9EXPL: 1CVE-2020-12417 – Mozilla: Memory corruption due to missing sign-extension for ValueTags on ARM64
https://notcve.org/view.php?id=CVE-2020-12417
Due to confusion about ValueTags on JavaScript Objects, an object may pass through the type barrier, resulting in memory corruption and a potentially exploitable crash. *Note: this issue only affects Firefox on ARM64 platforms.* This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0. Debido a una confusión acerca de ValueTags en objetos JavaScript, un objeto puede pasar a través de la barrera de tipo, resultando en una corrupción de la memoria y un bloqueo potencialmente explotable. *Nota: este problema solo afecta a Firefox en las plataformas ARM64. * Esta vulnerabilidad afecta a Firefox ESR versiones anteriores a 68.10, Firefox versiones anteriores a 78 y Thunderbird versiones anteriores a 68.10.0 The Mozilla Foundation Security Advisory describes this flaw as: Due to confusion about ValueTags on JavaScript Objects, an object may pass through the type barrier, resulting in memory corruption and a potentially exploitable crash. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00049.html https://bugzilla.mozilla.org/show_bug.cgi?id=1640737 https://security.gentoo.org/glsa/202007-09 https://security.gentoo.org/glsa/202007-10 https://usn.ubuntu.com/4421-1 https://www.mozilla. • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-617: Reachable Assertion CWE-681: Incorrect Conversion between Numeric Types CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 0%CPEs: 9EXPL: 0CVE-2020-12419 – Mozilla: Use-after-free in nsGlobalWindowInner
https://notcve.org/view.php?id=CVE-2020-12419
When processing callbacks that occurred during window flushing in the parent process, the associated window may die; causing a use-after-free condition. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0. Al procesar devoluciones de llamada que ocurrieron durante el vaciado de la ventana en el proceso principal, la ventana asociada puede terminar; causando una condición de uso de la memoria previamente liberada. Esto podría haber conllevado a una corrupción de la memoria y un bloqueo potencialmente explotable. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00049.html https://bugzilla.mozilla.org/show_bug.cgi?id=1643874 https://security.gentoo.org/glsa/202007-09 https://security.gentoo.org/glsa/202007-10 https://usn.ubuntu.com/4421-1 https://www.mozilla. • CWE-416: Use After Free •
CVSS: 9.3EPSS: 0%CPEs: 9EXPL: 1CVE-2020-12420 – Mozilla: Use-After-Free when trying to connect to a STUN server
https://notcve.org/view.php?id=CVE-2020-12420
When trying to connect to a STUN server, a race condition could have caused a use-after-free of a pointer, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0. Al intentar conectarse a un servidor STUN, una condición de carrera podría haber causado un uso de la memoria previamente liberada de un puntero, conllevando a una corrupción de la memoria y un bloqueo potencialmente explotable. Esta vulnerabilidad afecta a Firefox ESR versiones anteriores a 68.10, Firefox versiones anteriores a 78 y Thunderbird versiones anteriores a 68.10.0 The Mozilla Foundation Security Advisory describes this flaw as: When trying to connect to a STUN server, a race condition could have caused a use-after-free of a pointer, leading to memory corruption and a potentially exploitable crash. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00049.html https://bugzilla.mozilla.org/show_bug.cgi?id=1643437 https://security.gentoo.org/glsa/202007-09 https://security.gentoo.org/glsa/202007-10 https://usn.ubuntu.com/4421-1 https://www.mozilla. • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0CVE-2020-12421 – Mozilla: Add-On updates did not respect the same certificate trust rules as software updates
https://notcve.org/view.php?id=CVE-2020-12421
When performing add-on updates, certificate chains terminating in non-built-in-roots were rejected (even if they were legitimately added by an administrator.) This could have caused add-ons to become out-of-date silently without notification to the user. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0. Cuando se llevan a cabo actualizaciones de add-on, las cadenas de certificados que terminan en non-built-in-roots fueron rechazadas (incluso si fueron agregadas legítimamente por un administrador). Esto podría haber causado que los add-ons se desactualicen silenciosamente sin notificación al usuario. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00049.html https://bugzilla.mozilla.org/show_bug.cgi?id=1308251 https://security.gentoo.org/glsa/202007-09 https://security.gentoo.org/glsa/202007-10 https://usn.ubuntu.com/4421-1 https://www.mozilla. • CWE-295: Improper Certificate Validation CWE-296: Improper Following of a Certificate's Chain of Trust •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2020-12398 – Mozilla: Security downgrade with IMAP STARTTLS leads to information leakage
https://notcve.org/view.php?id=CVE-2020-12398
If Thunderbird is configured to use STARTTLS for an IMAP server, and the server sends a PREAUTH response, then Thunderbird will continue with an unencrypted connection, causing email data to be sent without protection. This vulnerability affects Thunderbird < 68.9.0. Si Thunderbird está configurado para usar STARTTLS para un servidor IMAP, y el servidor envía una respuesta PREAUTH, entonces Thunderbird continuará con una conexión sin cifrar, causando que unos datos de correo electrónico sean enviados sin protección. Esta vulnerabilidad afecta a Thunderbird versiones anteriores a 68.9.0 The Mozilla Foundation Security Advisory describes this flaw as: If Thunderbird is configured to use STARTTLS for an IMAP server, and the server sends a PREAUTH response, then Thunderbird will continue with an unencrypted connection, causing email data to be sent without protection. • https://bugzilla.mozilla.org/show_bug.cgi?id=1613623 https://usn.ubuntu.com/4421-1 https://www.mozilla.org/security/advisories/mfsa2020-22 https://access.redhat.com/security/cve/CVE-2020-12398 https://bugzilla.redhat.com/show_bug.cgi?id=1846556 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-319: Cleartext Transmission of Sensitive Information •