Headline
CVE-2020-12406: Security Vulnerabilities fixed in Firefox 77
Mozilla Developer Iain Ireland discovered a missing type check during unboxed objects removal, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.
Mozilla Foundation Security Advisory 2020-20
Announced
June 2, 2020
Impact
high
Products
Firefox
Fixed in
- Firefox 77
#CVE-2020-12399: Timing attack on DSA signatures in NSS library
Reporter
Cesar Pereida Garcia and the Network and Information Security Group (NISEC) at Tampere University
Impact
high
Description
NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys.
References
- Bug 1631576
#CVE-2020-12405: Use-after-free in SharedWorkerService
Reporter
Marcin ‘Icewall’ Noga of Cisco Talos
Impact
high
Description
When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash.
References
- Bug 1631618
#CVE-2020-12406: JavaScript type confusion with NativeTypes
Reporter
Iain Ireland
Impact
high
Description
Mozilla Developer Iain Ireland discovered a missing type check during unboxed objects removal, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code.
References
- Bug 1639590
#CVE-2020-12407: WebRender leaking GPU memory when using border-image CSS directive
Reporter
Nicolas Silva
Impact
moderate
Description
Mozilla Developer Nicolas Silva found that when using WebRender, Firefox would under certain conditions leak arbitrary GPU memory to the visible screen. The leaked memory content was visible to the user, but not observable from web content.
References
- Bug 1637112
#CVE-2020-12408: URL spoofing when using IP addresses
Reporter
Rayyan Bijoora
Impact
low
Description
When browsing a document hosted on an IP address, an attacker could insert certain characters to flip domain and path information in the address bar.
References
- Bug 1623888
#CVE-2020-12409: URL spoofing with unicode characters
Reporter
Rayyan Bijoora
Impact
low
Description
When using certain blank characters in a URL, they where incorrectly rendered as spaces instead of an encoded URL.
References
- Bug 1629506
#CVE-2020-12410: Memory safety bugs fixed in Firefox 77 and Firefox ESR 68.9
Reporter
Mozilla developers
Impact
high
Description
Mozilla developers Tom Tung and Karl Tomlinson reported memory safety bugs present in Firefox 76 and Firefox ESR 68.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
References
- Memory safety bugs fixed in Firefox 77 and Firefox ESR 68.9
#CVE-2020-12411: Memory safety bugs fixed in Firefox 77
Reporter
Mozilla developers
Impact
high
Description
Mozilla developers :Gijs (he/him), Randell Jesup reported memory safety bugs present in Firefox 76. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
References
- Memory safety bugs fixed in Firefox 77
Related news
An update for nss and nspr is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2019-11756: nss: Use-after-free in sftk_FreeSession due to improper refcounting * CVE-2019-17006: nss: Check length of inputs for cryptographic primitives * CVE-2019-17023: nss: TLS 1.3 HelloRetryRequest downgrade request sets client into invalid state * CVE-2020-12399: nss: Timing attack on DSA signature generation * CVE-2020-12402: nss: Side channel v...