
Severity Rating: HIGH
Software Affected
Firefox for iOS versions 25.0 and prior
Overview
A vulnerability has been reported in Firefox for iOS that could allow a
remote attacker to access sensitive information on a targeted system.

Description
This vulnerability exists in Firefox for iOS due to improper token handling
in the native-to-JS bridging implementation. A remote attacker could exploit
this vulnerability by creating a specially crafted webpage and then
convincing the user to download a file hosted on the webpage.

Successful exploitation of this vulnerability could allow the attacker to
access potentially sensitive information on the targeted system.

Solution
Update to version 26.0 from the Apple App Store.
Vendor Information

Mozilla

References
Mozilla

CyberSecurityHelp

CVE Name
CVE-2020-12404

Severity Rating: High

Software Affected

· Mozilla Firefox versions prior to 77.0
· Mozilla Firefox ESR versions prior to 68.9
· Mozilla Thunderbird versions prior to 68.9.0

Overview
Multiple vulnerabilities have been reported in Mozilla products which could
allow a remote attacker to access sensitive information, cause a memory leak,
perform a spoofing attack and execute arbitrary code on a targeted system.

Description
These vulnerabilities exist in Mozilla products due to a flaw related to
timing differences in the Mozilla NSS library, a use-after-free error in
SharedWorkerService, a JavaScript type confusion error, a memory leak in
WebRender, incorrect processing of certain blank characters and Unicode
characters in URLs, an error while receiving a PREAUTH response in the STARTTLS
implementation for IMAP, and multiple memory safety bugs.

A remote attacker could exploit these vulnerabilities by hosting a
specially crafted webpage and then convincing the user to visit the webpage
using the affected product.

Successful exploitation of these vulnerabilities could allow the attacker
to access sensitive information, cause a memory leak, perform a spoofing attack
and execute arbitrary code on the targeted system.

Solution
Update to Mozilla Firefox version 77.0, Mozilla Firefox ESR version 68.9
and Mozilla Thunderbird version 68.9.0 from the website www.mozilla.org.

Vendor Information

Mozilla



References

CISecurity

efox-could-allow-for-remote-code-execution_2020-075/

CVE Name
CVE-2020-12398

CVE-2020-12399

CVE-2020-12405

CVE-2020-12406

CVE-2020-12407

CVE-2020-12408

CVE-2020-12409

CVE-2020-12410

CVE-2020-12411

