#VU48470 Information disclosure in Mozilla Firefox and Firefox ESR - CVE-2020-26966


Vulnerability identifier: #VU48470

Vulnerability risk: Low

CVSSv4.0: 1.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-26966

CWE-ID: CWE-200

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
Mozilla Firefox
Client/Desktop applications / Web browsers
Firefox ESR
Client/Desktop applications / Web browsers

Vendor: Mozilla

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to the way Firefox performs searches of single-word queries. Searching for a single word from the address bar cause an mDNS request to be sent on the local network searching for a hostname consisting of that string. A remote attacker with the local network can intercept the DNS query and obtain information, searched via browser address bar.

Note, the vulnerability affects Windows users only.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Mozilla Firefox: 60.0 - 82.0.3

Firefox ESR: 60.0 - 60.9.0, 68.0 - 68.12.0, 78.0 - 78.4.1

External links
https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/
https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Information disclosure in firefox (Alpine package)
Information disclosure in firefox-esr (Alpine package)
Multiple vulnerabilities in Firefox for Android
Multiple vulnerabilities in Mozilla Thunderbird
Multiple vulnerabilities in Mozilla Firefox and Firefox ESR
Information disclosure in thunderbird (Alpine package)