Severity Rating: HIGH
Software Affected
Mozilla Firefox versions prior to 84
Mozilla Firefox ESR versions prior to 78.6
Mozilla Thunderbird versions prior to 78.6
Overview
Multiple vulnerabilities have been reported in Mozilla products which could
allow a remote attacker to execute arbitrary code, perform spoofing
attacks, disclose potentially sensitive information, or cause denial of
service conditions on the targeted system.
Description
These vulnerabilities exist in Mozilla products due to uninitialized memory
error in BigInt, heap buffer overflow error or use-after-free in WebGL,
improper sanitization of CSS Sanitizer, use-after-free in
StyleGenericFlexBasis, improper security restrictions, improper processing
of user supplied input, error while using proxy.onRequest callback request
for view-source URLs, improper processing of downloaded files without
extensions.
Successful exploitation of these vulnerabilities could allow a remote
attacker to execute arbitrary code, perform spoofing attacks, disclose
potentially sensitive information, or cause denial of service conditions on
the targeted system.
Solution
Upgrade to Mozilla Firefox version 84, Firefox ESR version 78.6 and
Thunderbird version 78.6
Vendor Information
Mozilla
References
Mozilla
CVE Name
CVE-2020-16042
CVE-2020-26971
CVE-2020-26972
CVE-2020-26973
CVE-2020-26974
CVE-2020-26975
CVE-2020-26976
CVE-2020-26977
CVE-2020-26978
CVE-2020-26979
CVE-2020-35111
CVE-2020-35112
CVE-2020-35113
CVE-2020-35114
About Cert Advisory
We have created this blog to provide latest security advisory from the india cert for the security vulnerability, threats, attacks and patching required to mitigate any kind of cyber attacks.