SB2020031201 - Ubuntu update for Firefox
Published: March 12, 2020 Updated: July 1, 2021
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 12 secuirty vulnerabilities.
1) Out-of-bounds read (CVE-ID: CVE-2019-20503)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in sctp_load_addresses_from_init in usrsctp. A remote attacker can pass specially crafted data to the application, trigger out-of-bounds read error and read contents of memory on the system.
2) Use-after-free (CVE-ID: CVE-2020-6805)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when removing data about origins in Quota manager in Mozilla Firefox. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
3) Out-of-bounds read (CVE-ID: CVE-2020-6806)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to an out-of-bounds read error due to BodyStream::OnInputStreamReady was missing protections against state confusion. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
4) Use-after-free (CVE-ID: CVE-2020-6807)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in cubeb during stream destruction. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
5) Spoofing attack (CVE-ID: CVE-2020-6808)
The vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to incorrect processing of user-supplied data. A remote attacker can create a specially crafted web page and spoof web page URL via a javascript: URL.
6) Spoofing attack (CVE-ID: CVE-2020-6810)
The vulnerability allows a remote attacker to perform spoofing attack.
After a website had entered fullscreen mode, it could have used a previously opened popup to obscure the notification that indicates the browser is in fullscreen mode. Combined with spoofing the browser chrome, this could have led to confusing the user about the current origin of the page and credential theft or other attacks.
7) Information disclosure (CVE-ID: CVE-2020-6812)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The first time AirPods are connected to an iPhone, they become named after the user's name by default (e.g. Jane Doe's AirPods.) Websites with camera or microphone permission are able to enumerate device names, disclosing the user's name.
8) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2020-6813)
The vulnerability allows a remote attacker to bypass certain security restrictions.
When protecting CSS blocks with the nonce feature of Content Security Policy, the @import statement in the CSS block could allow an attacker to inject arbitrary styles, bypassing the intent of the Content Security Policy.
9) Buffer overflow (CVE-ID: CVE-2020-6814)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
10) Buffer overflow (CVE-ID: CVE-2020-6815)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
11) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2020-6809)
The vulnerability allows a remote attacker to escalate privileges on the system.
The vulnerability exists due to Web Extension with all-urls permissions is allowed to access local files. A remote attacker can trick the victim into installing a malicious browser extension and gain access to sensitive information on the system.
12) Input validation error (CVE-ID: CVE-2020-6811)
The vulnerability allows a remote attacker to execute arbitrary OS commands.
The vulnerability exists due to insufficient validation of user-supplied input copied into buffer via the 'Copy as cURL' feature of Devtools' network tab. A remote attacker can trick the victim into using the 'Copy as cURL' feature to copy malicious data into buffer and later insert them into a terminal window.
Successful exploitation of the vulnerability may result in OS command execution.
Remediation
Install update from vendor's website.