Vulnerability identifier: #VU28525
Vulnerability risk: Low
CVSSv3.1: 1.8 [CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-401
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Mozilla Firefox
Client/Desktop applications /
Web browsers
Vendor: Mozilla
Description
The vulnerability allows a local user to view memory contents
The vulnerability exists due memory leak in WebRender. An attacker with physical access to the system can open a specially crafted web page and view contents of GPU memory on screen.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Mozilla Firefox: 70.0 - 76.0.1
External links
http://www.mozilla.org/en-US/security/advisories/mfsa2020-20/
http://bugzilla.mozilla.org/show_bug.cgi?id=1637112
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.