Severity Rating: High

Software Affected
· Mozilla Firefox versions prior to 78.0
· Mozilla Firefox ESR versions prior to 68.10
· Mozilla Thunderbird versions prior to 68.10

Overview
Multiple vulnerabilities have been reported in Mozilla products which could
allow a remote attacker to bypass security restrictions, obtain sensitive
information, execute arbitrary code on the target system, or cause denial
of service (DoS) conditions.

Description
These vulnerabilities exist in Mozilla products due to missing
sign-extension for ValueTags on ARM64 platforms, a manipulated URL object,
a use-after-free error in nsGlobalWindowInner, a use-after-free error while
trying to connect to a STUN server, an error by Add-On updates in following
certificate trust rules, an error while processing a URL-encoded character,
a use-after-free error in WebRTC VideoBroadcaster, an error during RSA key
generation in Network Security Services (NSS), an integer overflow error in
nsJPEGEncoder, the Windows DLL "webauthn.dll" missing from the operating
system, an error in the permission prompt for WebRTC, an out-of-bounds read
in Date.parse(), and memory corruption errors. A remote attacker could
exploit these vulnerabilities by executing malicious content on the target
system.

Successful exploitation of these vulnerabilities could allow the attacker
to bypass security restrictions, obtain sensitive information, execute
arbitrary code on the target system, or cause denial of service (DoS)
conditions.

Solution
Apply appropriate updates as mentioned in the Mozilla Security Advisories.
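
To find hosts that still need the update, the affected-version thresholds above can be checked against a software inventory. The following is an added example, not part of the original advisory: the inventory rows are constructed, and the version-string format ("Mozilla Firefox 68.9.0esr", "Thunderbird 68.9.0") is an assumption about what the inventory tool reports. It keeps the ESR and release channels separate, since a plain "older than 78.0" test would wrongly flag a patched Firefox ESR 68.10.

```python
import re

# Fixed versions taken from the "Software Affected" list in this advisory.
FIXED = {
    ("firefox", "release"): (78, 0),
    ("firefox", "esr"): (68, 10),
    ("thunderbird", "release"): (68, 10),
}

# Assumed format: "<product> <dotted version>[esr]", e.g. "Mozilla Firefox 68.9.0esr".
VERSION_RE = re.compile(r"(?i)\b(firefox|thunderbird)\s+(\d+(?:\.\d+)*)(esr)?")


def classify(version_string):
    """Return (product, channel, version, affected), or None if not recognised."""
    m = VERSION_RE.search(version_string)
    if not m:
        return None
    product = m.group(1).lower()
    channel = "esr" if m.group(3) else "release"
    fixed = FIXED.get((product, channel))
    if fixed is None:
        return None
    version = tuple(int(part) for part in m.group(2).split("."))
    # Pad "78" to (78, 0) so tuple comparison against (78, 0) is exact.
    version += (0,) * (2 - len(version))
    return product, channel, version, version < fixed


def affected_hosts(inventory):
    """Return the hosts whose reported version predates the fixed version."""
    hits = []
    for host, version_string in inventory:
        result = classify(version_string)
        if result is not None and result[3]:
            hits.append(host)
    return hits


# Constructed sample inventory (host name, reported version string).
SAMPLE_INVENTORY = [
    ("ws-01", "Mozilla Firefox 77.0.1"),      # release channel, below 78.0
    ("ws-02", "Mozilla Firefox 68.10.0esr"),  # ESR, already at the fixed version
    ("ws-03", "Mozilla Firefox 68.9.0esr"),   # ESR, below 68.10
    ("ws-04", "Thunderbird 68.8.1"),          # below 68.10
    ("ws-05", "Mozilla Firefox 78.0"),        # fixed release
]

if __name__ == "__main__":
    for host in affected_hosts(SAMPLE_INVENTORY):
        print(host, "needs the update")
```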

Vendor Information
Mozilla

Reference
Mozilla

CVE Name
CVE-2020-12402
CVE-2020-12415
CVE-2020-12416
CVE-2020-12417
CVE-2020-12418
CVE-2020-12419
CVE-2020-12420
CVE-2020-12421
CVE-2020-12422
CVE-2020-12423
CVE-2020-12424
CVE-2020-12425
CVE-2020-12426

About Cert Advisory

We have created this blog to provide the latest security advisories from the India CERT on security vulnerabilities, threats, attacks, and the patching required to mitigate any kind of cyber attack.


© Copyright 2020. Ud64