Red Hat Enterprise Linux 7 update for firefox



Published: 2020-09-30
Risk High
Patch available YES
Number of vulnerabilities 12
CVE-ID CVE-2020-12422
CVE-2020-12424
CVE-2020-12425
CVE-2020-15648
CVE-2020-15653
CVE-2020-15654
CVE-2020-15656
CVE-2020-15658
CVE-2020-15673
CVE-2020-15676
CVE-2020-15677
CVE-2020-15678
CWE-ID CWE-190
CWE-346
CWE-125
CWE-264
CWE-399
CWE-843
CWE-20
CWE-119
CWE-79
CWE-451
CWE-416
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
Red Hat Enterprise Linux for Power, little endian
Operating systems & Components / Operating system

Red Hat Enterprise Linux for Power, big endian
Operating systems & Components / Operating system

Red Hat Enterprise Linux for IBM z Systems
Operating systems & Components / Operating system

Red Hat Enterprise Linux Desktop
Operating systems & Components / Operating system

Red Hat Enterprise Linux Workstation
Operating systems & Components / Operating system

Red Hat Enterprise Linux Server
Operating systems & Components / Operating system

firefox (Red Hat package)
Operating systems & Components / Operating system package or component

Vendor Red Hat Inc.

Security Bulletin

This security bulletin contains information about 12 vulnerabilities.

1) Integer overflow

EUVDB-ID: #VU29461

Risk: High

CVSSv3.1:

CVE-ID: CVE-2020-12422

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow within the nsJPEGEncoder::emptyOutputBuffer function when processing JPEG images. A remote attacker can create a specially crafted JPEG image, trick the victim into visiting a web page with such an image, trigger integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for Power, little endian: 7

Red Hat Enterprise Linux for Power, big endian: 7

Red Hat Enterprise Linux for IBM z Systems: 7

Red Hat Enterprise Linux Desktop: 7

Red Hat Enterprise Linux Workstation: 7

Red Hat Enterprise Linux Server: 7

firefox (Red Hat package): before 78.3.0-1.el7_9


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2020:4080

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

2) Origin validation error

EUVDB-ID: #VU29463

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2020-12424

CWE-ID: CWE-346 - Origin Validation Error

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to an error when processing URI permissions in WebRTC. A remote attacker can bypass WebRTC permissions prompt dialog.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for Power, little endian: 7

Red Hat Enterprise Linux for Power, big endian: 7

Red Hat Enterprise Linux for IBM z Systems: 7

Red Hat Enterprise Linux Desktop: 7

Red Hat Enterprise Linux Workstation: 7

Red Hat Enterprise Linux Server: 7

firefox (Red Hat package): before 78.3.0-1.el7_9


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2020:4080

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

3) Out-of-bounds read

EUVDB-ID: #VU29464

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2020-12425

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition due to confusion processing a hyphen character in Date.parse().  A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger out-of-bounds read error and read one byte of process memory.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for Power, little endian: 7

Red Hat Enterprise Linux for Power, big endian: 7

Red Hat Enterprise Linux for IBM z Systems: 7

Red Hat Enterprise Linux Desktop: 7

Red Hat Enterprise Linux Workstation: 7

Red Hat Enterprise Linux Server: 7

firefox (Red Hat package): before 78.3.0-1.el7_9


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2020:4080

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

4) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU29631

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2020-15648

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to Firefox does not correctly enforce he X-Frame-Options header. A remote attacker can create a specially crafted web page and frame other websites using object or embed tags.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for Power, little endian: 7

Red Hat Enterprise Linux for Power, big endian: 7

Red Hat Enterprise Linux for IBM z Systems: 7

Red Hat Enterprise Linux Desktop: 7

Red Hat Enterprise Linux Workstation: 7

Red Hat Enterprise Linux Server: 7

firefox (Red Hat package): before 78.3.0-1.el7_9


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2020:4080

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

5) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU32901

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-15653

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to application does not properly impose security restrictions, when allowing popups. A remote attacker can create a specially crafted web page with noopener links that may allow an attacker to bypass iframe sandbox for websites relying on sandbox configurations, if allow-popups flag is set.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for Power, little endian: 7

Red Hat Enterprise Linux for Power, big endian: 7

Red Hat Enterprise Linux for IBM z Systems: 7

Red Hat Enterprise Linux Desktop: 7

Red Hat Enterprise Linux Workstation: 7

Red Hat Enterprise Linux Server: 7

firefox (Red Hat package): before 78.3.0-1.el7_9


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2020:4080

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

6) Resource management error

EUVDB-ID: #VU32906

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-15654

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass certain security restrictions.

When in an endless loop, a website specifying a custom cursor using CSS could make it look like the user is interacting with the user interface, when they are not. This could lead to a perceived broken state, especially when interactions with existing browser dialogs and warnings do not work.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for Power, little endian: 7

Red Hat Enterprise Linux for Power, big endian: 7

Red Hat Enterprise Linux for IBM z Systems: 7

Red Hat Enterprise Linux Desktop: 7

Red Hat Enterprise Linux Workstation: 7

Red Hat Enterprise Linux Server: 7

firefox (Red Hat package): before 78.3.0-1.el7_9


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2020:4080

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

7) Type Confusion

EUVDB-ID: #VU32902

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2020-15656

CWE-ID: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error when JIT optimizations involving the Javascript arguments object could confuse later optimizations in IonMonkey. A remote attacker can pass specially crafted data to the application, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for Power, little endian: 7

Red Hat Enterprise Linux for Power, big endian: 7

Red Hat Enterprise Linux for IBM z Systems: 7

Red Hat Enterprise Linux Desktop: 7

Red Hat Enterprise Linux Workstation: 7

Red Hat Enterprise Linux Server: 7

firefox (Red Hat package): before 78.3.0-1.el7_9


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2020:4080

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

8) Input validation error

EUVDB-ID: #VU32903

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-15658

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass certain security restrictions.

The vulnerability exists due to insufficient validation of special characters during file download, which led to an attacker being able to cut off the file ending at an earlier position, leading to a different file type being downloaded than shown in the dialog. A remote attacker can override file type when saving data to disk.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for Power, little endian: 7

Red Hat Enterprise Linux for Power, big endian: 7

Red Hat Enterprise Linux for IBM z Systems: 7

Red Hat Enterprise Linux Desktop: 7

Red Hat Enterprise Linux Workstation: 7

Red Hat Enterprise Linux Server: 7

firefox (Red Hat package): before 78.3.0-1.el7_9


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2020:4080

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

9) Buffer overflow

EUVDB-ID: #VU46966

Risk: High

CVSSv3.1:

CVE-ID: CVE-2020-15673

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for Power, little endian: 7

Red Hat Enterprise Linux for Power, big endian: 7

Red Hat Enterprise Linux for IBM z Systems: 7

Red Hat Enterprise Linux Desktop: 7

Red Hat Enterprise Linux Workstation: 7

Red Hat Enterprise Linux Server: 7

firefox (Red Hat package): before 78.3.0-1.el7_9


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2020:4080

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

10) Cross-site scripting

EUVDB-ID: #VU46964

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2020-15676

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditable element.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for Power, little endian: 7

Red Hat Enterprise Linux for Power, big endian: 7

Red Hat Enterprise Linux for IBM z Systems: 7

Red Hat Enterprise Linux Desktop: 7

Red Hat Enterprise Linux Workstation: 7

Red Hat Enterprise Linux Server: 7

firefox (Red Hat package): before 78.3.0-1.el7_9


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2020:4080

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

11) Spoofing attack

EUVDB-ID: #VU46963

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-15677

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to way Firefox displays name of the data origin when downloading files. A remote attacker can spoof origin of the downloaded file and display the name of the intermediate website instead of the original source name.

Successful exploitation of this vulnerability may allow a remote attacker to perform a phishing attack but requires that the spoofed website has an open redirect vulnerability.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for Power, little endian: 7

Red Hat Enterprise Linux for Power, big endian: 7

Red Hat Enterprise Linux for IBM z Systems: 7

Red Hat Enterprise Linux Desktop: 7

Red Hat Enterprise Linux Workstation: 7

Red Hat Enterprise Linux Server: 7

firefox (Red Hat package): before 78.3.0-1.el7_9


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2020:4080

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

12) Use-after-free

EUVDB-ID: #VU46965

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2020-15678

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing HTML content. When recursing through graphical layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free. This occurs because the function APZCTreeManager::ComputeClippedCompositionBounds did not follow iterator invalidation rules.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for Power, little endian: 7

Red Hat Enterprise Linux for Power, big endian: 7

Red Hat Enterprise Linux for IBM z Systems: 7

Red Hat Enterprise Linux Desktop: 7

Red Hat Enterprise Linux Workstation: 7

Red Hat Enterprise Linux Server: 7

firefox (Red Hat package): before 78.3.0-1.el7_9


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2020:4080

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?



###SIDEBAR###