Vulnerability Level: High

CVE-No’s:

  • CVE-2020-12399
  • CVE-2020-12405
  • CVE-2020-12406
  • CVE-2020-12407
  • CVE-2020-12408
  • CVE-2020-12409
  • CVE-2020-12410
  • CVE-2020-12411

Risks:

  • Timing Attack on DSA signatures.
  • When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash.
  • a missing type check during unboxed objects removal, resulting in a crash. With enough effort that it could be exploited to run arbitrary code.
  • when using WebRender, Firefox would under certain conditions leak arbitrary GPU memory to the visible screen. The leaked memory content was visible to the user, but not observable from web content.
  • When browsing a document hosted on an IP address, an attacker could insert certain characters to flip domain and path information in the address bar.
  • When using certain blank characters in a URL, they where incorrectly rendered as spaces instead of an encoded URL.
  •  memory safety bugs present in Firefox 76 and Firefox ESR 68.8. Some of these bugs showed evidence of memory corruption and with enough effort some of these could have been exploited to run arbitrary code.
  • memory safety bugs present in Firefox 76. Some of these bugs showed evidence of memory corruption and with enough effort some of these could have been exploited to run arbitrary code.

Vulnerable Parties: Anyone or any company using Mozilla Firefox version upto 76.* .

Products vulnerable: Mozilla Firefox version upto 76.

Recommendation: Mozilla has released an update to Firefox version 77 which resolves all the issues mentioned above.

Documentation: For more details visit here: 

https://www.mozilla.org/en-US/security/advisories/mfsa2020-20/

Whats up with Whatsapp? why should you really worry? its alternatives?find out here.
The social media platform you use is a decently curated box for …
2 million+ CCP members secretly work in US, UK, Australia and India.
What's the fuss about? In the recent report by "The Australian" a data …

Have some thoughts? why not share with us here.

Hey we spotted an adblocker on your browser

Hello, Welcome to Stormbreaker.
We are happy that you opened our website but please disable the adblocker to view further.
Ads are a way this page is generating revenue and making this awesome site and people behind it working. 
Thank you in advanced.
Team Stormbreaker.