Main Vulnerability Database SB2020072963

SB2020072963 - Input validation error in firefox-esr (Alpine package)

Published: July 29, 2020

Security Bulletin ID SB2020072963

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Input validation error (CVE-ID: CVE-2020-15650)

The vulnerability allows a remote non-authenticated attacker to manipulate data.

Given an installed malicious file picker application, an attacker was able to overwrite local files and thus overwrite Firefox settings (but not access the previous profile). *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 68.11.

Remediation

Install update from vendor's website.

References

https://git.alpinelinux.org/aports/commit/?id=4cd4a0dd2e6c9e8d082dca8588312badce9f16ba
https://git.alpinelinux.org/aports/commit/?id=04f8e005916c290085fcf9cff34c5ed43c7b570e
https://git.alpinelinux.org/aports/commit/?id=4078c037d203ec86019f68e2ec6e03b7b6a7fcf4