SB2020082624 - Red Hat Enterprise Linux 8 update for firefox 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2020082624

SB2020082624 - Red Hat Enterprise Linux 8 update for firefox

Published: August 26, 2020

Security Bulletin ID SB2020082624
Severity
High
Patch available
YES
Number of vulnerabilities 10
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 20% Medium 50% Low 30%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 10 secuirty vulnerabilities.


1) Integer overflow (CVE-ID: CVE-2020-12422)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow within the nsJPEGEncoder::emptyOutputBuffer function when processing JPEG images. A remote attacker can create a specially crafted JPEG image, trick the victim into visiting a web page with such an image, trigger integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


2) Origin validation error (CVE-ID: CVE-2020-12424)

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to an error when processing URI permissions in WebRTC. A remote attacker can bypass WebRTC permissions prompt dialog.


3) Out-of-bounds read (CVE-ID: CVE-2020-12425)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition due to confusion processing a hyphen character in Date.parse().  A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger out-of-bounds read error and read one byte of process memory.


4) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2020-15648)

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to Firefox does not correctly enforce he X-Frame-Options header. A remote attacker can create a specially crafted web page and frame other websites using object or embed tags.


5) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2020-15653)

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to application does not properly impose security restrictions, when allowing popups. A remote attacker can create a specially crafted web page with noopener links that may allow an attacker to bypass iframe sandbox for websites relying on sandbox configurations, if allow-popups flag is set.


6) Resource management error (CVE-ID: CVE-2020-15654)

The vulnerability allows a remote attacker to bypass certain security restrictions.

When in an endless loop, a website specifying a custom cursor using CSS could make it look like the user is interacting with the user interface, when they are not. This could lead to a perceived broken state, especially when interactions with existing browser dialogs and warnings do not work.


7) Type Confusion (CVE-ID: CVE-2020-15656)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error when JIT optimizations involving the Javascript arguments object could confuse later optimizations in IonMonkey. A remote attacker can pass specially crafted data to the application, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


8) Input validation error (CVE-ID: CVE-2020-15658)

The vulnerability allows a remote attacker to bypass certain security restrictions.

The vulnerability exists due to insufficient validation of special characters during file download, which led to an attacker being able to cut off the file ending at an earlier position, leading to a different file type being downloaded than shown in the dialog. A remote attacker can override file type when saving data to disk.


9) Resource management error (CVE-ID: CVE-2020-15664)

The vulnerability allows a remote attacker to bypass certain security restrictions.

The vulnerability exists due to the way Firefox handles prompts. By holding a reference to the eval() function from an about:blank window, a malicious webpage could have gained access to the InstallTrigger object which would allow them to prompt the user to install an extension. Combined with user confusion, this could result in an unintended or malicious extension being installed.


10) Use-after-free (CVE-ID: CVE-2020-15669)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when aborting operations in browser. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.


Remediation

Install update from vendor's website.

References