Vulnerability Details

Mozilla Firefox Security Advisory (MFSA2020-05) - Linux

Published: 2021-11-08 15:21:25
CVE Author: NIST National Vulnerability Database

CVSS Base Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

severity_vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

severity_origin=NVD

severity_date=2020-03-11 23:15:00 +0000 (Wed, 11 Mar 2020)

Summary:
This host is missing a security update for Mozilla Firefox.

Detection Method:
Checks if a vulnerable Linux Distribution Package version is present on the target host.

Technical Details:
CVE-2020-6796: Missing bounds check on shared memory read in the parent process A content process could have modified shared memory relating to crash reporting information, crash itself, and cause an out-of-bound write. This could have caused memory corruption and a potentially exploitable crash. CVE-2020-6797: Extensions granted downloads.open permission could open arbitrary applications on Mac OSX By downloading a file with the .fileloc extension, a semi-privileged extension could launch an arbitrary application on the user's computer. The attacker is restricted as they are unable to download non-quarantined files or supply command line arguments to the application, limiting the impact.Note: this issue only occurs on Mac OSX. Other operating systems are unaffected. CVE-2020-6798: Incorrect parsing of template tag could result in JavaScript injection If a