Multiple vulnerabilities in Mozilla Firefox ESR

Description

Multiple vulnerabilities were found in Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to gain privileges, perform cross-site scripting attack, obtain sensitive information, cause denial of service, spoof user interface, execute arbitrary code, bypass security restrictions.

Below is a complete list of vulnerabilities:

1. An elevation of privilege vulnerability in the Remote Debugging via USB feature for Android can exploited to gain privileges.
2. A cross-site-scripting (XSS) vulnerability can be exploited to perform cross-site scripting attack.
3. A side-channel information leakage vulnerability in graphics component can be exploited to obtain sensitive information.
4. A heap buffer overflow vulnerability in Freetype can be exploited to cause denial of service.
5. A security UI vulnerability in fullscreen mode can be exploited remotely to obtain sensitive information and spoof user interface.
6. A memory safety vulnerability can be exploited to to cause denial of service and execute arbitrary code.
7. A denial of service vulnerability in History and Location interfaces can be exploited to potentially cause denial of service.
8. A security bypass vulnerability in DoH can be exploited to security bypass restrictions.
9. A security bypass vulnerability in Screenshoot mode can be exploited to bypass securty restrictions.
10. A security bypass vulnerability in OneCRL for Android can be exploited to cause denial of service.
11. A security UI vulnerability in fullscreen mode for Android can be exploited to spoof user interface and perform cross-site scripting attack.
12. A use after free vulnerability in nsTArray can be exploited to potentially cause denial of service or execute arbitrary code.
13. A security bypass vulnerability in “Show Password” feature can be exploited to bypass security restrictions and obtain sensitive information.
14. A use after free vulnerability in WebRequestService can be exploited to cause denial of service.
15. A memory corruption vulnerability in JIT compilation can be exploited to potentially cause denial of service.
16. A security vulnerability in mDNS request for Windows can be exploited to obtain sensitive information.
17. A security bypass vulnerability in ServiceWorker can be exploited to bypass security restrictions and perform cross-site scripting attack.
18. A security vulnerability in cookies can be exploited to obtain sensitive information.

Original advisories

• MFSA2020-51

Exploitation

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Related products

• Mozilla-Firefox-ESR

CVE list

• CVE-2020-15999
  high
• CVE-2020-16012
  warning
• CVE-2020-26964
  high
• CVE-2020-26951
  high
• CVE-2020-26953
  warning
• CVE-2020-26956
  high
• CVE-2020-26962
  high
• CVE-2020-26968
  critical
• CVE-2020-26963
  warning
• CVE-2020-26961
  high
• CVE-2020-26967
  high
• CVE-2020-26957
  high
• CVE-2020-26954
  warning
• CVE-2020-26969
  critical
• CVE-2020-26960
  critical
• CVE-2020-26965
  high
• CVE-2020-26959
  critical
• CVE-2020-26952
  critical
• CVE-2020-26966
  high
• CVE-2020-26958
  high
• CVE-2020-26955
  high

Read more

Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com