Red Hat Enterprise Linux 8 update for firefox
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 5 |
| CVE-ID | CVE-2020-12417 CVE-2020-12418 CVE-2020-12419 CVE-2020-12420 CVE-2020-12421 |
| CWE-ID | CWE-20 CWE-125 CWE-416 CWE-295 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
firefox (Red Hat package) Operating systems & Components / Operating system package or component Red Hat Enterprise Linux Server for x86_64 - Update Services for SAP Solutions Operating systems & Components / Operating system package or component Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions Operating systems & Components / Operating system package or component |
| Vendor | Red Hat Inc. |
Security Bulletin
This security bulletin contains information about 5 vulnerabilities.
1) Input validation error
EUVDB-ID: #VU29452
Risk: Medium
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-12417
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform cache poisoning attack.
The vulnerability exists due to an error when processing the %2F character in a manifest URL, which results in Firefox's AppCache behavior to become confused and allowe a manifest to be served from a subdirectory. This could cause the appcache to be used to service requests for the top level directory.
Mitigation
Install updates from vendor's website.
firefox (Red Hat package): 68.1.0-1.el8_0 - 68.9.0-1.el8_0
Red Hat Enterprise Linux Server for x86_64 - Update Services for SAP Solutions: 8.0
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions: 8.0
CPE2.3- cpe:2.3:o:red_hat:firefox_redhat_package:68.9.0-1.el8_0:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:firefox_redhat_package:68.8.0-1.el8_0:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:firefox_redhat_package:68.7.0-2.el8_0:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server_-_update_services_for_sap_solutions:8.0:*:*:*:*:*:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server_for_ibm_power_le_-_update_services_for_sap_solutions:8.0:*:*:*:*:*:*:
http://access.redhat.com/errata/RHSA-2020:2825
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Out-of-bounds read
EUVDB-ID: #VU29453
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-12418
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition while processing individual parts of a URL object. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
firefox (Red Hat package): 68.1.0-1.el8_0 - 68.9.0-1.el8_0
Red Hat Enterprise Linux Server for x86_64 - Update Services for SAP Solutions: 8.0
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions: 8.0
CPE2.3- cpe:2.3:o:red_hat:firefox_redhat_package:68.9.0-1.el8_0:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:firefox_redhat_package:68.8.0-1.el8_0:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:firefox_redhat_package:68.7.0-2.el8_0:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server_-_update_services_for_sap_solutions:8.0:*:*:*:*:*:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server_for_ibm_power_le_-_update_services_for_sap_solutions:8.0:*:*:*:*:*:*:
http://access.redhat.com/errata/RHSA-2020:2825
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Use-after-free
EUVDB-ID: #VU29455
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-12419
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing callbacks that occurred during window flushing in the parent process in nsGlobalWindowInner. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall updates from vendor's website.
firefox (Red Hat package): 68.1.0-1.el8_0 - 68.9.0-1.el8_0
Red Hat Enterprise Linux Server for x86_64 - Update Services for SAP Solutions: 8.0
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions: 8.0
CPE2.3- cpe:2.3:o:red_hat:firefox_redhat_package:68.9.0-1.el8_0:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:firefox_redhat_package:68.8.0-1.el8_0:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:firefox_redhat_package:68.7.0-2.el8_0:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server_-_update_services_for_sap_solutions:8.0:*:*:*:*:*:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server_for_ibm_power_le_-_update_services_for_sap_solutions:8.0:*:*:*:*:*:*:
http://access.redhat.com/errata/RHSA-2020:2825
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Use-after-free
EUVDB-ID: #VU29456
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-12420
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when trying to connect to a STUN server. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a race condition that causes the use-after-free of a pointer and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall updates from vendor's website.
firefox (Red Hat package): 68.1.0-1.el8_0 - 68.9.0-1.el8_0
Red Hat Enterprise Linux Server for x86_64 - Update Services for SAP Solutions: 8.0
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions: 8.0
CPE2.3- cpe:2.3:o:red_hat:firefox_redhat_package:68.9.0-1.el8_0:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:firefox_redhat_package:68.8.0-1.el8_0:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:firefox_redhat_package:68.7.0-2.el8_0:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server_-_update_services_for_sap_solutions:8.0:*:*:*:*:*:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server_for_ibm_power_le_-_update_services_for_sap_solutions:8.0:*:*:*:*:*:*:
http://access.redhat.com/errata/RHSA-2020:2825
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Improper Certificate Validation
EUVDB-ID: #VU29457
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-12421
CWE-ID:
CWE-295 - Improper Certificate Validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to disable installed Add-Ons.
The vulnerability exists due to Add-On updates do not respect the same certificate trust rules as software updates. When performing add-on updates, certificate chains terminating in non-built-in-roots were rejected (even if they were legitimately added by an administrator.) This could have caused add-ons to become out-of-date silently without notification to the user.
MitigationInstall updates from vendor's website.
firefox (Red Hat package): 68.1.0-1.el8_0 - 68.9.0-1.el8_0
Red Hat Enterprise Linux Server for x86_64 - Update Services for SAP Solutions: 8.0
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions: 8.0
CPE2.3- cpe:2.3:o:red_hat:firefox_redhat_package:68.9.0-1.el8_0:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:firefox_redhat_package:68.8.0-1.el8_0:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:firefox_redhat_package:68.7.0-2.el8_0:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server_-_update_services_for_sap_solutions:8.0:*:*:*:*:*:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server_for_ibm_power_le_-_update_services_for_sap_solutions:8.0:*:*:*:*:*:*:
http://access.redhat.com/errata/RHSA-2020:2825
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
