SB20200930101 - Red Hat Enterprise Linux 7 update for firefox

Description

This security bulletin contains information about 12 secuirty vulnerabilities.

1) Integer overflow (CVE-ID: CVE-2020-12422)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow within the nsJPEGEncoder::emptyOutputBuffer function when processing JPEG images. A remote attacker can create a specially crafted JPEG image, trick the victim into visiting a web page with such an image, trigger integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

2) Origin validation error (CVE-ID: CVE-2020-12424)

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to an error when processing URI permissions in WebRTC. A remote attacker can bypass WebRTC permissions prompt dialog.

3) Out-of-bounds read (CVE-ID: CVE-2020-12425)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition due to confusion processing a hyphen character in Date.parse().  A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger out-of-bounds read error and read one byte of process memory.

4) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2020-15648)

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to Firefox does not correctly enforce he X-Frame-Options header. A remote attacker can create a specially crafted web page and frame other websites using object or embed tags.

5) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2020-15653)

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to application does not properly impose security restrictions, when allowing popups. A remote attacker can create a specially crafted web page with noopener links that may allow an attacker to bypass iframe sandbox for websites relying on sandbox configurations, if allow-popups flag is set.

6) Resource management error (CVE-ID: CVE-2020-15654)

The vulnerability allows a remote attacker to bypass certain security restrictions.

When in an endless loop, a website specifying a custom cursor using CSS could make it look like the user is interacting with the user interface, when they are not. This could lead to a perceived broken state, especially when interactions with existing browser dialogs and warnings do not work.

7) Type Confusion (CVE-ID: CVE-2020-15656)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error when JIT optimizations involving the Javascript arguments object could confuse later optimizations in IonMonkey. A remote attacker can pass specially crafted data to the application, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

8) Input validation error (CVE-ID: CVE-2020-15658)

The vulnerability allows a remote attacker to bypass certain security restrictions.

The vulnerability exists due to insufficient validation of special characters during file download, which led to an attacker being able to cut off the file ending at an earlier position, leading to a different file type being downloaded than shown in the dialog. A remote attacker can override file type when saving data to disk.

9) Buffer overflow (CVE-ID: CVE-2020-15673)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

10) Cross-site scripting (CVE-ID: CVE-2020-15676)

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditable element.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

11) Spoofing attack (CVE-ID: CVE-2020-15677)

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to way Firefox displays name of the data origin when downloading files. A remote attacker can spoof origin of the downloaded file and display the name of the intermediate website instead of the original source name.

Successful exploitation of this vulnerability may allow a remote attacker to perform a phishing attack but requires that the spoofed website has an open redirect vulnerability.

12) Use-after-free (CVE-ID: CVE-2020-15678)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing HTML content. When recursing through graphical layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free. This occurs because the function APZCTreeManager::ComputeClippedCompositionBounds did not follow iterator invalidation rules.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Remediation

Install update from vendor's website.

References

• https://access.redhat.com/errata/RHSA-2020:4080