CVSS: 8.8 • EPSS: 0% • CPEs: 3 • EXPL: 0

Certain blit values provided by the user were not properly constrained leading to a heap buffer overflow on some video drivers. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.

References:
• https://bugzilla.mozilla.org/show_bug.cgi?id=1663466
• https://www.mozilla.org/security/advisories/mfsa2020-54
• https://www.mozilla.org/security/advisories/mfsa2020-55
• https://www.mozilla.org/security/advisories/mfsa2020-56
• https://access.redhat.com/security/cve/CVE-2020-26971
• https://bugzilla.redhat.com/show_bug.cgi?id=1908022

CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') • CWE-787: Out-of-bounds Write

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

The lifecycle of IPC Actors allows managed actors to outlive their manager actors; and the former must ensure that they are not attempting to use a dead actor they have a reference to. Such a check was omitted in WebGL, resulting in a use-after-free and a potentially exploitable crash. This vulnerability affects Firefox < 84.

References:
• https://bugzilla.mozilla.org/show_bug.cgi?id=1671382
• https://www.mozilla.org/security/advisories/mfsa2020-54

CWE-416: Use After Free

CVSS: 8.8 • EPSS: 0% • CPEs: 3 • EXPL: 0

When flex-basis was used on a table wrapper, a StyleGenericFlexBasis object could have been incorrectly cast to the wrong type. This resulted in a heap use-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.

References:
• https://bugzilla.mozilla.org/show_bug.cgi?id=1681022
• https://www.mozilla.org/security/advisories/mfsa2020-54
• https://www.mozilla.org/security/advisories/mfsa2020-55
• https://www.mozilla.org/security/advisories/mfsa2020-56
• https://access.redhat.com/security/cve/CVE-2020-26974
• https://bugzilla.redhat.com/show_bug.cgi?id=1908024

CWE-416: Use After Free • CWE-787: Out-of-bounds Write

CVSS: 6.5 • EPSS: 0% • CPEs: 3 • EXPL: 0

When an HTTPS page was embedded in an HTTP page, and there was a service worker registered for the former, the service worker could have intercepted the request for the secure page despite the iframe not being a secure context due to the (insecure) framing. This vulnerability affects Firefox < 84.

References:
• https://bugzilla.mozilla.org/show_bug.cgi?id=1674343
• https://lists.debian.org/debian-lts-announce/2021/02/msg00001.html
• https://lists.debian.org/debian-lts-announce/2021/02/msg00002.html
• https://security.gentoo.org/glsa/202102-02
• https://www.debian.org/security/2021/dsa-4840
• https://www.debian.org/security/2021/dsa-4842
• https://www.mozilla.org/security/advisories/mfsa2020-54
• https://access.redhat.com/security/cve/CVE-2020-26976
• https://bugzilla.redhat.com/show_bug.cgi?i

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 6.1 • EPSS: 0% • CPEs: 3 • EXPL: 0

Using techniques that built on the slipstream research, a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.

References:
• https://bugzilla.mozilla.org/show_bug.cgi?id=1677047
• https://www.mozilla.org/security/advisories/mfsa2020-54
• https://www.mozilla.org/security/advisories/mfsa2020-55
• https://www.mozilla.org/security/advisories/mfsa2020-56
• https://access.redhat.com/security/cve/CVE-2020-26978
• https://bugzilla.redhat.com/show_bug.cgi?id=1908025

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor