Firefox ESR 68.8 Security Advisory: Critical RCE, Sandbox Escape, and Memory Corruption CVEs

Key Information Announcement Date: May 5, 2020 Impact Level: critical Product: Firefox ESR Fixed Version: Firefox ESR 68.8 Vulnerability Details CVE-2020-12387: Use-after-free Reporter: Looben Yang Impact Level: critical Description: A race condition exists in the shutdown code for Web Workers, leading to a use-after-free vulnerability. This could result in a potentially exploitable crash. CVE-2020-12388: Sandbox Escape and Insufficiently Protected Access Tokens Reporter: James Forshaw of Google Project Zero Impact Level: critical Description: The Firefox content process does not sufficiently lock down access controls, potentially leading to sandbox escape. Note: This issue affects only Firefox on Windows operating systems. CVE-2020-12389: Sandbox Escape and Insufficiently Separated Process Types Reporter: Niklas Baumstark Impact Level: high Description: The Firefox content process does not sufficiently lock down access controls, potentially leading to sandbox escape. Note: This issue affects only Firefox on Windows operating systems. CVE-2020-6831: Buffer Overflow in SCTP Block Input Validation Reporter: Natalie Silvanovich of Google Project Zero Impact Level: high Description: A buffer overflow may occur during parsing and validation of SCTP blocks in WebRTC. This could lead to memory corruption and a potentially exploitable crash. CVE-2020-12392: 'Copy as cURL' Feature Enables Arbitrary Local File Access Reporter: Ophir LOJKINE Impact Level: moderate Description: The 'Copy as cURL' feature in DevTools' Network tab does not properly escape HTTP POST request data, which can be controlled by a website. If a user uses 'Copy as cURL' and pastes the command into a terminal, it may lead to leakage of local files. CVE-2020-12393: 'Copy as cURL' Feature Fails to Fully Escape Website-Controlled Data, Leading to Command Injection Reporter: David Yesland Impact Level: moderate Description: The 'Copy as cURL' feature in DevTools' Network tab does not properly escape HTTP request methods, which can be controlled by a website. If a user uses 'Copy as cURL' and pastes the command into a terminal, it may lead to command injection and arbitrary command execution. Note: This issue affects only Firefox on Windows operating systems. CVE-2020-12395: Memory Safety Vulnerabilities Fixed in Firefox 76 and Firefox ESR 68.8 Reporter: Mozilla developers and community members Impact Level: critical Description: Mozilla developers and community members reported memory safety vulnerabilities in Firefox 75 and Firefox ESR 68.7. Some of these vulnerabilities showed evidence of memory corruption, and we assume that some could have been exploited to run arbitrary code with sufficient effort.

Goal Reached Thanks to every supporter — we hit 100%!

Firefox ESR 68.8 Security Advisory: Critical RCE, Sandbox Escape, and Memory Corruption CVEs

More from this source