Main Vulnerability Database SB2020111727

SB2020111727 - Permissions, Privileges, and Access Controls in firefox-esr (Alpine package)

Published: November 17, 2020

Security Bulletin ID SB2020111727

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2020-26958)

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due Firefox does not block execution of scripts with incorrect MIME types when the response was intercepted and cached through a ServiceWorker. A remote attacker can exploit this behavior to perform a cross-site script inclusion vulnerability or bypass implemented Content Security Policy restrictions.

Remediation

Install update from vendor's website.

References

https://git.alpinelinux.org/aports/commit/?id=2e45465b6ffd2da160f42818b5b2b4679a98f7a8