CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2020-26959 – Mozilla: Use-after-free in WebRequestService
https://notcve.org/view.php?id=CVE-2020-26959
During browser shutdown, reference decrementing could have occured on a previously freed object, resulting in a use-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5. Durante el cierre del navegador, la disminución de la referencia podría haber ocurrido en un objeto previamente liberado, resultando en un uso de la memoria previamente liberada, una corrupción de la memoria y un bloqueo potencialmente explotable. Esta vulnerabilidad afecta a Firefox versiones anteriores a 83, Firefox ESR versiones anteriores a 78.5, y Thunderbird versiones anteriores a 78.5 • https://bugzilla.mozilla.org/show_bug.cgi?id=1669466 https://www.mozilla.org/security/advisories/mfsa2020-50 https://www.mozilla.org/security/advisories/mfsa2020-51 https://www.mozilla.org/security/advisories/mfsa2020-52 https://access.redhat.com/security/cve/CVE-2020-26959 https://bugzilla.redhat.com/show_bug.cgi?id=1898736 • CWE-416: Use After Free •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 1CVE-2020-16012 – Mozilla: Variable time processing of cross-origin images during drawImage calls
https://notcve.org/view.php?id=CVE-2020-16012
Side-channel information leakage in graphics in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Un filtrado de información de canal lateral en graphics en Google Chrome versiones anteriores a 87.0.4280.66, permitió a un atacante remoto filtrar datos de origen cruzado por medio de una página HTML diseñada • https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop_17.html https://crbug.com/1088224 https://access.redhat.com/security/cve/CVE-2020-16012 https://bugzilla.redhat.com/show_bug.cgi?id=1898732 • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-26967
https://notcve.org/view.php?id=CVE-2020-26967
When listening for page changes with a Mutation Observer, a malicious web page could confuse Firefox Screenshots into interacting with elements other than those that it injected into the page. This would lead to internal errors and unexpected behavior in the Screenshots code. This vulnerability affects Firefox < 83. Cuando se escuchan unos cambios de página con un Mutation Observer, una página web maliciosa podría confundir unas Screenshots de Firefox para interactuar con elementos distintos a los que inyectó en la página. Esto conllevaría a errores internos y un comportamiento inesperado en el código de Screenshots. • https://bugzilla.mozilla.org/show_bug.cgi?id=1665820 https://www.mozilla.org/security/advisories/mfsa2020-50 •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-26961 – Mozilla: DoH did not filter IPv4 mapped IP Addresses
https://notcve.org/view.php?id=CVE-2020-26961
When DNS over HTTPS is in use, it intentionally filters RFC1918 and related IP ranges from the responses as these do not make sense coming from a DoH resolver. However when an IPv4 address was mapped through IPv6, these addresses were erroneously let through, leading to a potential DNS Rebinding attack. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5. Cuando un DNS sobre HTTPS está en uso, intencionalmente filtra el RFC1918 y los rangos de IP relacionados con las respuestas, ya que no tiene sentido al venir de un resolutor de DoH. Sin embargo, cuando una dirección IPv4 fue mapeada por medio de IPv6, estas direcciones fueron dejadas pasar erróneamente, conllevando a un potencial ataque de DNS Rebinding. • https://bugzilla.mozilla.org/show_bug.cgi?id=1672528 https://www.mozilla.org/security/advisories/mfsa2020-50 https://www.mozilla.org/security/advisories/mfsa2020-51 https://www.mozilla.org/security/advisories/mfsa2020-52 https://access.redhat.com/security/cve/CVE-2020-26961 https://bugzilla.redhat.com/show_bug.cgi?id=1898738 • CWE-358: Improperly Implemented Security Check for Standard •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2020-26956 – Mozilla: XSS through paste (manual and clipboard API)
https://notcve.org/view.php?id=CVE-2020-26956
In some cases, removing HTML elements during sanitization would keep existing SVG event handlers and therefore lead to XSS. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5. En algunos casos, al eliminar unos elementos HTML durante el saneamiento mantendría los actuales manejadores de eventos SVG y, por lo tanto, conllevaría a un ataque de tipo XSS. Esta vulnerabilidad afecta a Firefox versiones anteriores a 83, Firefox ESR versiones anteriores a 78.5, y Thunderbird versiones anteriores a 78.5 • https://bugzilla.mozilla.org/show_bug.cgi?id=1666300 https://www.mozilla.org/security/advisories/mfsa2020-50 https://www.mozilla.org/security/advisories/mfsa2020-51 https://www.mozilla.org/security/advisories/mfsa2020-52 https://access.redhat.com/security/cve/CVE-2020-26956 https://bugzilla.redhat.com/show_bug.cgi?id=1898734 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •