Vulnerability Details

Mozilla Firefox Security Advisory (MFSA2020-05) - Linux

Published: 2021-11-08 15:21:25
CVE Author: NIST National Vulnerability Database

CVSS Base Vector:



severity_date=2020-03-11 23:15:00 +0000 (Wed, 11 Mar 2020)

This host is missing a security update for Mozilla Firefox.

Detection Method:
Checks if a vulnerable Linux Distribution Package version is present on the target host.

Technical Details:
CVE-2020-6796: Missing bounds check on shared memory read in the parent process A content process could have modified shared memory relating to crash reporting information, crash itself, and cause an out-of-bound write. This could have caused memory corruption and a potentially exploitable crash. CVE-2020-6797: Extensions granted permission could open arbitrary applications on Mac OSX By downloading a file with the .fileloc extension, a semi-privileged extension could launch an arbitrary application on the user's computer. The attacker is restricted as they are unable to download non-quarantined files or supply command line arguments to the application, limiting the impact.Note: this issue only occurs on Mac OSX. Other operating systems are unaffected. CVE-2020-6798: Incorrect parsing of template tag could result in JavaScript injection If a