Log

CVE-2020-6798 edited at 13 Feb 2020 09:20:45
Description
- An incorrect parsing of template could result in Javascript injection in Firefox before 73.0. If a <template> tag was used in a <select> tag, the parser could be confused and allow JavaScript parsing and execution when it should not be allowed. A site that relied on the browser behaving correctly could suffer a cross-site scripting vulnerability as a result.
+ An incorrect parsing of template could result in Javascript injection in Firefox before 73.0 and Thunderbird before 68.5. If a <template> tag was used in a <select> tag, the parser could be confused and allow JavaScript parsing and execution when it should not be allowed. A site that relied on the browser behaving correctly could suffer a cross-site scripting vulnerability as a result.
In general, this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but is potentially a risk in browser or browser-like contexts.
CVE-2020-6798 edited at 13 Feb 2020 09:20:34
Description
An incorrect parsing of template could result in Javascript injection in Firefox before 73.0. If a <template> tag was used in a <select> tag, the parser could be confused and allow JavaScript parsing and execution when it should not be allowed. A site that relied on the browser behaving correctly could suffer a cross-site scripting vulnerability as a result.
+ In general, this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but is potentially a risk in browser or browser-like contexts.
References
https://www.mozilla.org/en-US/security/advisories/mfsa2020-05/#CVE-2020-6798
+ https://www.mozilla.org/en-US/security/advisories/mfsa2020-07/#CVE-2020-6798
https://bugzilla.mozilla.org/show_bug.cgi?id=1602944
CVE-2020-6800 edited at 13 Feb 2020 09:19:52
Description
- Several memory safety bugs have been found in Firefox before 73.0. Some of these bugs showed evidence of memory corruption and Mozilla presumes that with enough effort some of these could have been exploited to run arbitrary code.
+ Several memory safety bugs have been found in Firefox before 73.0 and Thunderbird before 68.5. Some of these bugs showed evidence of memory corruption and Mozilla presumes that with enough effort some of these could have been exploited to run arbitrary code.
References
https://www.mozilla.org/en-US/security/advisories/mfsa2020-05/#CVE-2020-6800
+ https://www.mozilla.org/en-US/security/advisories/mfsa2020-07/#CVE-2020-6800
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1595786%2C1596706%2C1598543%2C1604851%2C1608580%2C1608785%2C1605777
AVG-1099 created at 13 Feb 2020 09:19:04
Packages
+ thunderbird
Issues
+ CVE-2020-6792
+ CVE-2020-6793
+ CVE-2020-6794
+ CVE-2020-6795
+ CVE-2020-6798
+ CVE-2020-6800
Status
+ Fixed
Severity
+ Critical
Affected
+ 68.4.2-1
Fixed
+ 68.5.0-1
Ticket
Advisory qualified
+ Yes
References
+ https://www.mozilla.org/en-US/security/advisories/mfsa2020-07/
Notes
CVE-2020-6792 created at 13 Feb 2020 09:19:04
CVE-2020-6793 created at 13 Feb 2020 09:19:04
CVE-2020-6794 created at 13 Feb 2020 09:19:04
CVE-2020-6795 created at 13 Feb 2020 09:19:04
ASA-202002-8 edited at 13 Feb 2020 00:42:26
Impact
- A local attacker is able to crash the system or execute arbitrary code as root by abusing polkit caching mechanisms.
+ A local unprivileged attacker is able to crash the system or execute arbitrary code as root by abusing polkit caching mechanisms.
ASA-202002-8 edited at 13 Feb 2020 00:42:08
Impact
- A local attacker is able to crash the system or execute arbitrary code by abusing polkit caching mechanisms.
+ A local attacker is able to crash the system or execute arbitrary code as root by abusing polkit caching mechanisms.
CVE-2020-1712 edited at 13 Feb 2020 00:40:47
Type
- Arbitrary code execution
+ Privilege escalation
ASA-202002-8 edited at 13 Feb 2020 00:40:47