Multiple vulnerabilities in Mozilla Firefox

Descrição

Multiple vulnerabilities were found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to obtain sensitive information, bypass security restrictions, cause denial of service, execute arbitrary code, gain privileges, spoof user interface.

Below is a complete list of vulnerabilities:

1. MediaError Message vulnerability can be exploited to security bypass restrictions and obtain sensitive information.
2. Data Race vulnerability can be exploited to security bypass restrictions and cause denial of service.
3. Converting coordinates vulnerability can be exploited to bypass security restrictions.
4. Elevation of privilege vulnerability on Windows can be exploited to bypass security restrictions, gain privileges and execute arbitrary code.
5. Security UI vulnerability in address bar can be exploited to perform domain spoofing.
6. Security UI vulnerability in eval() function can be exploited to spoof user interface and execute arbitrary code.
7. ECDSA signature generation vulnerability can be exploited to security bypass restrictions.
8. Memory safety vulnerabilities can be exploited to execute arbitrary code.
9. EC scalar point multiplication vulnerability can be exploited to obtain sensitive information.
10. Heap overflow vulnerability can be exploited to potentially cause denial of service and execute arbitrary code.

Comunicados originais

• MFSA2020-36

Exploração

Public exploits exist for this vulnerability.

Produtos relacionados

• Mozilla-Firefox

Lista de CVE

• CVE-2020-15666
  high
• CVE-2020-15668
  warning
• CVE-2020-12400
  warning
• CVE-2020-15663
  critical
• CVE-2020-15665
  warning
• CVE-2020-15664
  high
• CVE-2020-12401
  warning
• CVE-2020-15670
  critical
• CVE-2020-6829
  high
• CVE-2020-15667
  critical

Saiba mais

Descubra as estatísticas das vulnerabilidades que se espalham em sua região statistics.securelist.com