Main Vulnerability Database SB2020072875

SB2020072875 - Input validation error in firefox-esr (Alpine package)

Published: July 28, 2020

Security Bulletin ID SB2020072875

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Input validation error (CVE-ID: CVE-2020-15658)

The vulnerability allows a remote attacker to bypass certain security restrictions.

The vulnerability exists due to insufficient validation of special characters during file download, which led to an attacker being able to cut off the file ending at an earlier position, leading to a different file type being downloaded than shown in the dialog. A remote attacker can override file type when saving data to disk.

Remediation

Install update from vendor's website.

References

https://git.alpinelinux.org/aports/commit/?id=ecfc67fc0aa1c8be66b005da45f868c730633a4e
https://git.alpinelinux.org/aports/commit/?id=78431c6461742f7904f5cd815bbed5f76852a8aa
https://git.alpinelinux.org/aports/commit/?id=d28edc9bebe787d7cff81e5dc7200f5b78fd3797