Log

CVE-2020-15677 edited at 23 Sep 2020 15:13:29
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Content spoofing
Description
+ An issue has been found in Firefox before 81.0 where, by exploiting an Open Redirect vulnerability on a website, an attacker could have spoofed the site displayed in the download file dialog to show the original site (the one suffering from the open redirect) rather than the site the file was actually downloaded from.
References
+ https://www.mozilla.org/en-US/security/advisories/mfsa2020-42/#CVE-2020-15677
+ https://bugzilla.mozilla.org/show_bug.cgi?id=1641487
Notes
AVG-1235 edited at 23 Sep 2020 15:06:20
Severity
- Unknown
+ Medium
CVE-2020-15678 edited at 23 Sep 2020 15:06:20
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Local
Type
- Unknown
+ Denial of service
Description
+ A use-after-free issue has been found in Firefox before 81.0 where, when recursing through graphical layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free. This occurs because the function APZCTreeManager::ComputeClippedCompositionBounds did not follow iterator invalidation rules.
References
+ https://www.mozilla.org/en-US/security/advisories/mfsa2020-42/#CVE-2020-15678
+ https://bugzilla.mozilla.org/show_bug.cgi?id=1660211
Notes
AVG-1235 created at 23 Sep 2020 15:04:49
Packages
+ firefox
Issues
+ CVE-2020-15673
+ CVE-2020-15674
+ CVE-2020-15675
+ CVE-2020-15676
+ CVE-2020-15677
+ CVE-2020-15678
Status
+ Fixed
Severity
+ Unknown
Affected
+ 80.0.1-1
Fixed
+ 81.0-1
Ticket
Advisory qualified
+ Yes
References
+ https://www.mozilla.org/en-US/security/advisories/mfsa2020-42
Notes
CVE-2020-15677 created at 23 Sep 2020 15:04:49
AVG-1235 created at 23 Sep 2020 15:04:49
Packages
+ firefox
Issues
+ CVE-2020-15673
+ CVE-2020-15674
+ CVE-2020-15675
+ CVE-2020-15676
+ CVE-2020-15677
+ CVE-2020-15678
Status
+ Fixed
Severity
+ Unknown
Affected
+ 80.0.1-1
Fixed
+ 81.0-1
Ticket
Advisory qualified
+ Yes
References
+ https://www.mozilla.org/en-US/security/advisories/mfsa2020-42
Notes
CVE-2020-15674 created at 23 Sep 2020 15:04:49
AVG-1235 created at 23 Sep 2020 15:04:49
Packages
+ firefox
Issues
+ CVE-2020-15673
+ CVE-2020-15674
+ CVE-2020-15675
+ CVE-2020-15676
+ CVE-2020-15677
+ CVE-2020-15678
Status
+ Fixed
Severity
+ Unknown
Affected
+ 80.0.1-1
Fixed
+ 81.0-1
Ticket
Advisory qualified
+ Yes
References
+ https://www.mozilla.org/en-US/security/advisories/mfsa2020-42
Notes
CVE-2020-15676 created at 23 Sep 2020 15:04:49
AVG-1235 created at 23 Sep 2020 15:04:49
Packages
+ firefox
Issues
+ CVE-2020-15673
+ CVE-2020-15674
+ CVE-2020-15675
+ CVE-2020-15676
+ CVE-2020-15677
+ CVE-2020-15678
Status
+ Fixed
Severity
+ Unknown
Affected
+ 80.0.1-1
Fixed
+ 81.0-1
Ticket
Advisory qualified
+ Yes
References
+ https://www.mozilla.org/en-US/security/advisories/mfsa2020-42
Notes
CVE-2020-15678 created at 23 Sep 2020 15:04:49
AVG-1235 created at 23 Sep 2020 15:04:49
Packages
+ firefox
Issues
+ CVE-2020-15673
+ CVE-2020-15674
+ CVE-2020-15675
+ CVE-2020-15676
+ CVE-2020-15677
+ CVE-2020-15678
Status
+ Fixed
Severity
+ Unknown
Affected
+ 80.0.1-1
Fixed
+ 81.0-1
Ticket
Advisory qualified
+ Yes
References
+ https://www.mozilla.org/en-US/security/advisories/mfsa2020-42
Notes
CVE-2020-15673 created at 23 Sep 2020 15:04:49
AVG-1235 created at 23 Sep 2020 15:04:49
Packages
+ firefox
Issues
+ CVE-2020-15673
+ CVE-2020-15674
+ CVE-2020-15675
+ CVE-2020-15676
+ CVE-2020-15677
+ CVE-2020-15678
Status
+ Fixed
Severity
+ Unknown
Affected
+ 80.0.1-1
Fixed
+ 81.0-1
Ticket
Advisory qualified
+ Yes
References
+ https://www.mozilla.org/en-US/security/advisories/mfsa2020-42
Notes
CVE-2020-15675 created at 23 Sep 2020 15:04:49
ASA-202009-9 edited at 23 Sep 2020 15:02:40
Impact
+ A remote attacker might be able to bypass security restrictions, access sensitive information or execute arbitrary code on the affected host.
ASA-202009-9 created at 23 Sep 2020 15:02:14