Main Vulnerability Database Exploits ID:2787 - Exploit for Permissions, Privileges, and Access Controls in Mozilla Firefox and Firefox ESR - CVE-2020-12388

ID:2787 - Exploit for Permissions, Privileges, and Access Controls in Mozilla Firefox and Firefox ESR - CVE-2020-12388

Published: May 29, 2020

Vulnerability identifier: #VU27530

Vulnerability risk: High

CVE-ID: CVE-2020-12388

CWE-ID: CWE-264

Exploitation vector: Remote access

Vulnerable software:
Mozilla Firefox
Firefox ESR

Link to public exploit:

https://packetstormsecurity.com/files/download/157860/GS20200528162322.tgz

Vulnerability description

The vulnerability allows a remote attacker to bypass sandbox restrictions.

The vulnerability exists due the Firefox content processes did not sufficiently lockdown access control due to improper protection of access tokens. A remote attacker can bypass implemented security restrictions and execute arbitrary code on the target system.

Note, this vulnerability affects Windows versions only.

Remediation

Install updates from vendor's website.

ID:2787 - Exploit for Permissions, Privileges, and Access Controls in Mozilla Firefox and Firefox ESR - CVE-2020-12388

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human