Vulnerability Level: High

CVE numbers:

  • CVE-2020-12399
  • CVE-2020-12405
  • CVE-2020-12406
  • CVE-2020-12407
  • CVE-2020-12408
  • CVE-2020-12409
  • CVE-2020-12410
  • CVE-2020-12411

Risks:

  • Timing attack on DSA signatures.
  • When browsing a malicious page, a race condition in the SharedWorkerService could occur and lead to a potentially exploitable crash.
  • A missing type check during unboxed objects removal, resulting in a crash. With enough effort, it could be exploited to run arbitrary code.
  • When using WebRender, Firefox would under certain conditions leak arbitrary GPU memory to the visible screen. The leaked memory content was visible to the user, but not observable from web content.
  • When browsing a document hosted on an IP address, an attacker could insert certain characters to flip domain and path information in the address bar.
  • When certain blank characters were used in a URL, they were incorrectly rendered as spaces instead of an encoded URL.
  • Memory safety bugs present in Firefox 76 and Firefox ESR 68.8. Some of these bugs showed evidence of memory corruption and with enough effort some of these could have been exploited to run arbitrary code.
  • Memory safety bugs present in Firefox 76. Some of these bugs showed evidence of memory corruption and with enough effort some of these could have been exploited to run arbitrary code.

Vulnerable Parties: Anyone or any company using Mozilla Firefox versions up to 76.*.

Products vulnerable: Mozilla Firefox versions up to 76.

Recommendation: Mozilla has released an update to Firefox version 77 which resolves all the issues mentioned above.

Documentation: For more details, see:

https://www.mozilla.org/en-US/security/advisories/mfsa2020-20/


By Siddhant Pathak

Cyber security architect, 7+ years experience in cyber security industry, tech savvy, nature lover, Bullet 350 rider
