Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

firefox vulnerabilities

Related Vulnerabilities: CVE-2019-20503   CVE-2020-6805   CVE-2020-6806   CVE-2020-6807   CVE-2020-6808   CVE-2020-6810   CVE-2020-6812   CVE-2020-6813   CVE-2020-6814   CVE-2020-6815   CVE-2020-6809   CVE-2020-6811  

Firefox could be made to crash or run programs as your login if it opened a malicious website.

Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the URL or other browser chrome, obtain sensitive information, bypass Content Security Policy (CSP) protections, or execute arbitrary code. (CVE-2019-20503, CVE-2020-6805, CVE-2020-6806, CVE-2020-6807, CVE-2020-6808, CVE-2020-6810, CVE-2020-6812, CVE-2020-6813, CVE-2020-6814, CVE-2020-6815)

Source

11 March 2020

firefox vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 19.10
  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS

Summary

Firefox could be made to crash or run programs as your login if it opened a malicious website.

Software Description

  • firefox - Mozilla Open Source web browser

Details

Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the URL or other browser chrome, obtain sensitive information, bypass Content Security Policy (CSP) protections, or execute arbitrary code. (CVE-2019-20503, CVE-2020-6805, CVE-2020-6806, CVE-2020-6807, CVE-2020-6808, CVE-2020-6810, CVE-2020-6812, CVE-2020-6813, CVE-2020-6814, CVE-2020-6815)

It was discovered that Web Extensions with the all-url permission could access local files. If a user were tricked in to installing a specially crafted extension, an attacker could potentially exploit this to obtain sensitive information. (CVE-2020-6809)

It was discovered that the Devtools’ ‘Copy as cURL’ feature did not fully escape website-controlled data. If a user were tricked in to using the ‘Copy as cURL’ feature to copy and paste a command with specially crafted data in to a terminal, an attacker could potentially exploit this to execute arbitrary commands via command injection. (CVE-2020-6811)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.10
firefox - 74.0+build3-0ubuntu0.19.10.1
Ubuntu 18.04 LTS
firefox - 74.0+build3-0ubuntu0.18.04.1
Ubuntu 16.04 LTS
firefox - 74.0+build3-0ubuntu0.16.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart Firefox to make all the necessary changes.

References

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started