Risk | Low |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2020-12407 |
CWE-ID | CWE-401 |
Exploitation vector | Local |
Public exploit | Public exploit code for vulnerability #1 is available. |
Vulnerable software | firefox (Alpine package) (Operating systems & Components / Operating system package or component) |
Vendor | Alpine Linux Development Team |
Security Bulletin
This security bulletin contains one low risk vulnerability.
EUVDB-ID: #VU28525
Risk: Low
CVSSv3.1: 1.8 [CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C]
CVE-ID: CVE-2020-12407
CWE-ID: CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a local user to view memory contents.
The vulnerability exists due to a memory leak in WebRender. An attacker with physical access to the system can open a specially crafted web page and view the contents of GPU memory on screen.
Install the update from the vendor's website.
Vulnerable software versions
firefox (Alpine package): 76.0.1-r1
External links
http://git.alpinelinux.org/aports/commit/?id=66010d68451b4eac4d3f7315739fd156bd840f21
http://git.alpinelinux.org/aports/commit/?id=8dc0bf1501171d97e4b280f12987e24bf3cc53f7
Q & A
Can this vulnerability be exploited remotely?
No. The attacker must have physical access to the system to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.