SB2020121559 - Permissions, Privileges, and Access Controls in firefox (Alpine package)
Published: December 15, 2020
Security Bulletin ID
SB2020121559
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Data manipulation
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2020-26975)
The vulnerability allows a local application to bypass implemented security restrictions.
The vulnerability exists due to application does not properly impose security restrictions. When a malicious application installed on the user's device broadcast an Intent to Firefox for Android, arbitrary headers could have been specified, leading to attacks such as abusing ambient authority or session fixation. This was resolved by only allowing certain safe-listed headers
Remediation
Install update from vendor's website.