CVE-2020-26951 - log

CVE-2020-26951 edited at 18 Nov 2020 07:57:21
Type
- Arbitrary code execution
+ Access restriction bypass
Description
- A security issue has been found in Firefox before 83.0 where incorrect bookkeeping of functions inlined during JIT compilation could have led to memory corruption and a potentially exploitable crash when handling out-of-memory errors.
+ A parsing and event loading mismatch has been found in Firefox's SVG code before 83.0 and could have allowed load events to fire, even after sanitization. An attacker already capable of exploiting an XSS vulnerability in privileged internal pages could have used this attack to bypass the built-in sanitizer.
References
- https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26952
+ https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26951
- https://bugzilla.mozilla.org/show_bug.cgi?id=1667685
+ https://bugzilla.mozilla.org/show_bug.cgi?id=1667113
CVE-2020-26951 edited at 17 Nov 2020 18:34:29
Severity
- Unknown
+ High
Remote
- Unknown
+ Remote
Type
- Unknown
+ Arbitrary code execution
Description
+ A security issue has been found in Firefox before 83.0 where incorrect bookkeeping of functions inlined during JIT compilation could have led to memory corruption and a potentially exploitable crash when handling out-of-memory errors.
References
+ https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26952
+ https://bugzilla.mozilla.org/show_bug.cgi?id=1667685
Notes
CVE-2020-26951 created at 17 Nov 2020 18:15:06