Main Vulnerability Database SB2020072867

SB2020072867 - Resource management error in firefox-esr (Alpine package)

Published: July 28, 2020

Security Bulletin ID SB2020072867

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Resource management error (CVE-ID: CVE-2020-15654)

The vulnerability allows a remote attacker to bypass certain security restrictions.

When in an endless loop, a website specifying a custom cursor using CSS could make it look like the user is interacting with the user interface, when they are not. This could lead to a perceived broken state, especially when interactions with existing browser dialogs and warnings do not work.

Remediation

Install update from vendor's website.

References

https://git.alpinelinux.org/aports/commit/?id=ecfc67fc0aa1c8be66b005da45f868c730633a4e
https://git.alpinelinux.org/aports/commit/?id=78431c6461742f7904f5cd815bbed5f76852a8aa
https://git.alpinelinux.org/aports/commit/?id=d28edc9bebe787d7cff81e5dc7200f5b78fd3797