Main Vulnerability Database Vulnerabilities #VU48471

Resource management error in Mozilla Firefox - CVE-2020-26967

Published: November 17, 2020

Vulnerability identifier: #VU48471

CSH Severity: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2020-26967

CWE-ID: CWE-399

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Mozilla Firefox

Software vendor:
Mozilla

Description

The vulnerability allows a remote attacker to introduce an unexpected behavior.

The vulnerability exists due to improper management of internal resources within Mutation Observers. When listening for page changes with a Mutation Observer, a malicious web page could confuse Firefox Screenshots into interacting with elements other than those that it injected into the page. This would lead to internal errors and unexpected behavior in the Screenshots code.

Remediation

Install updates from vendor's website.

External links

https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/

Resource management error in Mozilla Firefox - CVE-2020-26967

Description

Remediation

External links

Please verify you're human