SB2020112922 - Permissions, Privileges, and Access Controls in firefox (Alpine package)




Published: November 29, 2020

Security Bulletin ID: SB2020112922
Severity: Low
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Local access
Highest impact: Data manipulation

Breakdown by Severity

Low 100%

Description

This security bulletin contains information about 1 security vulnerability.


1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2020-26964)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to the way the Remote Debugging via USB feature behaves on older versions of Android OS. If the Remote Debugging via USB feature was enabled in Firefox for Android on an Android version prior to Android 6.0, untrusted apps could have connected to the feature and operated with the privileges of the browser to read and interact with web content. The feature was implemented as a Unix domain socket, protected by the Android SELinux policy; however, SELinux was not enforced for versions prior to 6.0.


Remediation

Install the update from the vendor's website.