CVSS: 10.0EPSS: 1%CPEs: 3EXPL: 1CVE-2020-12388 – Firefox Default Content Process DACL Sandbox Escape
https://notcve.org/view.php?id=CVE-2020-12388
26 May 2020 — The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox escape. *Note: this issue only affects Firefox on Windows operating systems.*. This vulnerability affects Firefox ESR < 68.8 and Firefox < 76. Los procesos de contenido de Firefox no bloquearon suficientemente el control de acceso, lo que podría resultar en un escape del sandbox. *Nota: este problema solo afecta a Firefox en los sistemas operativos Windows.*. • https://packetstorm.news/files/id/157860 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2020-12389
https://notcve.org/view.php?id=CVE-2020-12389
26 May 2020 — The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox escape. *Note: this issue only affects Firefox on Windows operating systems.*. This vulnerability affects Firefox ESR < 68.8 and Firefox < 76. Los procesos de contenido de Firefox no bloquearon suficientemente el control de acceso, lo que podría resultar en un escape del sandbox. *Nota: este problema solo afecta a Firefox en los sistemas operativos Windows.*. • https://bugzilla.mozilla.org/show_bug.cgi?id=1554110 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-12390
https://notcve.org/view.php?id=CVE-2020-12390
26 May 2020 — Incorrect origin serialization of URLs with IPv6 addresses could lead to incorrect security checks. This vulnerability affects Firefox < 76. Una serialización incorrecta del origen de las URL con direcciones IPv6 podría conllevar a comprobaciones de seguridad incorrectas. Esta vulnerabilidad afecta a Firefox versiones anteriores a 76. • https://bugzilla.mozilla.org/show_bug.cgi?id=1141959 • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-12391
https://notcve.org/view.php?id=CVE-2020-12391
26 May 2020 — Documents formed using data: URLs in an OBJECT element failed to inherit the CSP of the creating context. This allowed the execution of scripts that should have been blocked, albeit with a unique opaque origin. This vulnerability affects Firefox < 76. Documentos formados usando datos: las URL en un elemento OBJECT presentaron un fallo al heredar el CSP del contexto de creación. Esto permitió la ejecución de scripts que debieron haber sido bloqueados, aunque con un origen opaco único. • https://bugzilla.mozilla.org/show_bug.cgi?id=1457100 • CWE-863: Incorrect Authorization •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2020-12393
https://notcve.org/view.php?id=CVE-2020-12393
26 May 2020 — The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used the 'Copy as cURL' feature and pasted the command into a terminal, it could have resulted in command injection and arbitrary command execution. *Note: this issue only affects Firefox on Windows operating systems.*. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0. La funcionalidad "Copy as cURL" de la pestaña de ... • https://bugzilla.mozilla.org/show_bug.cgi?id=1615471 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-12396 – Gentoo Linux Security Advisory 202005-04
https://notcve.org/view.php?id=CVE-2020-12396
13 May 2020 — Mozilla developers and community members reported memory safety bugs present in Firefox 75. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 76. Los desarrolladores de Mozilla y los miembros de la comunidad informaron bugs de seguridad de la memoria presentes en Firefox versión 75. Algunos de estos errores mostraron evidencia de corrupción de memoria y suponemos q... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1339601%2C1611938%2C1620488%2C1622291%2C1627644 • CWE-787: Out-of-bounds Write •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-12394 – Ubuntu Security Notice USN-4353-2
https://notcve.org/view.php?id=CVE-2020-12394
12 May 2020 — A logic flaw in our location bar implementation could have allowed a local attacker to spoof the current location by selecting a different origin and removing focus from the input element. This vulnerability affects Firefox < 76. Un fallo lógico en nuestra implementación de la barra de ubicación podría haber permitido a un atacante local falsificar la ubicación actual al seleccionar un origen diferente y eliminar el foco del elemento de entrada. Esta vulnerabilidad afecta a Firefox versiones anteriores a 76... • https://bugzilla.mozilla.org/show_bug.cgi?id=1628288 •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0CVE-2020-12397 – Mozilla: Sender Email Address Spoofing using encoded Unicode characters
https://notcve.org/view.php?id=CVE-2020-12397
11 May 2020 — By encoding Unicode whitespace characters within the From email header, an attacker can spoof the sender email address that Thunderbird displays. This vulnerability affects Thunderbird < 68.8.0. Al codificar caracteres de espacio en blanco Unicode dentro del encabezado del correo electrónico From, un atacante puede suplantar la dirección de correo electrónico del remitente que despliega Thunderbird. Esta vulnerabilidad afecta a Thunderbird versiones anteriores a 68.8.0. Multiple security issues were discove... • https://bugzilla.mozilla.org/show_bug.cgi?id=1617370 • CWE-172: Encoding Error CWE-346: Origin Validation Error •
CVSS: 10.0EPSS: 1%CPEs: 7EXPL: 0CVE-2020-12395 – Mozilla: Memory safety bugs fixed in Firefox 76 and Firefox ESR 68.8
https://notcve.org/view.php?id=CVE-2020-12395
06 May 2020 — Mozilla developers and community members reported memory safety bugs present in Firefox 75 and Firefox ESR 68.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0. Los desarrolladores de Mozilla y los miembros de la comunidad informaron bugs de seguridad de la memoria presentes en Firefox versión 75 y Firefox ESR ver... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1595886%2C1611482%2C1614704%2C1624098%2C1625749%2C1626382%2C1628076%2C1631508 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 1%CPEs: 10EXPL: 1CVE-2020-6831 – usrsctp: Buffer overflow in AUTH chunk input validation
https://notcve.org/view.php?id=CVE-2020-6831
06 May 2020 — A buffer overflow could occur when parsing and validating SCTP chunks in WebRTC. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0. Podría presentarse un desbordamiento del búfer cuando se analizan y comprueban fragmentos SCTP en WebRTC. Esto podría haber provocado una corrupción en la memoria y un bloqueo potencialmente explotable. • https://packetstorm.news/files/id/158480 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •