2020年9月15日 星期二

[USN-4474-1] Firefox vulnerabilities

 ---------- Forwarded message ---------

From: Chris Coulson <chris.coulson@canonical.com>

Date: Aug 27, 2020 3:03AM

Multiple security issues were discovered in Firefox. If a user were

tricked in to opening a specially crafted website, an attacker could

potentially exploit these to cause a denial of service, trick the user

in to installing a malicious extension, spoof the URL bar, leak sensitive

information between origins, or execute arbitrary code. (CVE-2020-15664,

CVE-2020-15665, CVE-2020-15666, CVE-2020-15670)

It was discovered that NSS incorrectly handled certain signatures.

An attacker could possibly use this issue to expose sensitive information.

(CVE-2020-12400, CVE-2020-12401, CVE-2020-6829)

A data race was discovered when importing certificate information in to

the trust store. An attacker could potentially exploit this to cause an

unspecified impact. (CVE-2020-15668)

References:

  https://usn.ubuntu.com/4474-1

  CVE-2020-12400, CVE-2020-12401, CVE-2020-15664, CVE-2020-15665,

  CVE-2020-15666, CVE-2020-15668, CVE-2020-15670, CVE-2020-6829

沒有留言:

張貼留言