Main Vulnerability Database SB2020112916

SB2020112916 - Permissions, Privileges, and Access Controls in firefox (Alpine package)

Published: November 29, 2020

Security Bulletin ID SB2020112916

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2020-26958)

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due Firefox does not block execution of scripts with incorrect MIME types when the response was intercepted and cached through a ServiceWorker. A remote attacker can exploit this behavior to perform a cross-site script inclusion vulnerability or bypass implemented Content Security Policy restrictions.

Remediation

Install update from vendor's website.

References

https://git.alpinelinux.org/aports/commit/?id=13a8f0d1284680f721e935cc6d3cb2649cf25093