Severity Rating: High
Software Affected
· Mozilla Firefox versions prior to 77.0
· Mozilla Firefox ESR versions prior to 68.9
· Mozilla Thunderbird versions prior to 68.9.0
Overview
Multiple vulnerabilities have been reported in Mozilla products which could
allow a remote attacker to access sensitive information, cause a memory
leak, perform a spoofing attack and execute arbitrary code on a targeted
system.
Description
These vulnerabilities exist in Mozilla products due to a flaw related to
timing differences in the Mozilla NSS library, a use-after-free error in
SharedWorkerService, a JavaScript type confusion error, a memory leak in
WebRender, incorrect processing of certain blank characters and Unicode
characters in URLs, an error while receiving a PREAUTH response in the
STARTTLS implementation for IMAP, and multiple memory safety bugs.
A remote attacker could exploit these vulnerabilities by hosting a
specially crafted webpage and then convincing the user to visit the webpage
using the affected product.
Successful exploitation of these vulnerabilities could allow the attacker
to access sensitive information, cause a memory leak, perform a spoofing
attack and execute arbitrary code on the targeted system.
Solution
Update to Mozilla Firefox version 77.0, Mozilla Firefox ESR version 68.9
and Mozilla Thunderbird version 68.9.0 from the websites www.mozilla.org
and www.thunderbird.net.
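A version check for fleet inventory, added here as an example and not part of the original advisory: it classifies a product's version banner against the fixed versions listed above. The banner shapes (such as "Mozilla Firefox 68.8.0esr") and the sample strings are assumptions constructed for illustration.

```python
import re

# Fixed versions, taken from the advisory's Solution section.
FIXED = {
    "firefox": (77, 0),
    "firefox-esr": (68, 9),
    "thunderbird": (68, 9, 0),
}

# Assumed banner shapes: "Mozilla Firefox 76.0.1", "Mozilla Firefox 68.8.0esr",
# "Thunderbird 68.8.1". Anything else (e.g. a beta suffix) is left unclassified.
_BANNER = re.compile(
    r"^\s*(?:Mozilla\s+)?(Firefox|Thunderbird)\s+(\d+(?:\.\d+)*)(esr)?\s*$", re.I
)


def _pad(version, length):
    """Right-pad a version tuple with zeros so 77.0 and 77.0.0 compare equal."""
    return tuple(version) + (0,) * (length - len(version))


def classify(banner):
    """Return (product, 'affected' | 'fixed'), or (None, 'unknown')."""
    m = _BANNER.match(banner)
    if not m:
        return (None, "unknown")
    name, version, esr = m.group(1).lower(), m.group(2), m.group(3)
    # The ESR channel has its own fixed version, so it is tracked separately.
    product = "firefox-esr" if (name == "firefox" and esr) else name
    installed = tuple(int(part) for part in version.split("."))
    fixed = FIXED[product]
    width = max(len(installed), len(fixed))
    status = "affected" if _pad(installed, width) < _pad(fixed, width) else "fixed"
    return (product, status)


# Constructed sample banners, not captured from real hosts.
SAMPLES = [
    "Mozilla Firefox 76.0.1",
    "Mozilla Firefox 68.8.0esr",
    "Mozilla Firefox 68.9.0esr",
    " Thunderbird 68.8.1",
    "Mozilla Firefox 78.0b3",
]

if __name__ == "__main__":
    for banner in SAMPLES:
        print(f"{banner.strip():32} -> {classify(banner)}")
```

Banners that do not match the assumed shapes return "unknown" rather than a guess, so those hosts can be checked by hand.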
Vendor Information
Mozilla
References
CISecurity
efox-could-allow-for-remote-code-execution_2020-075/
CVE Name
CVE-2020-12398
CVE-2020-12399
CVE-2020-12405
CVE-2020-12406
CVE-2020-12407
CVE-2020-12408
CVE-2020-12409
CVE-2020-12410
CVE-2020-12411
About Cert Advisory
We have created this blog to provide the latest security advisories from the India CERT on security vulnerabilities, threats, attacks and the patching required to mitigate any kind of cyber attack.