PT-2020-3496 · Mozilla+2 · Firefox+2

James Forshaw

Published

2020-05-05

Updated

2024-12-12

CVE-2020-12388

CVSS v3.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Firefox ESR versions prior to 68.8 Firefox versions prior to 76

Description The issue is related to insufficient lockdown of access control in Firefox content processes, which could result in a sandbox escape. This problem only affects Firefox on Windows operating systems.

Recommendations For Firefox ESR versions prior to 68.8, update to version 68.8 or later. For Firefox versions prior to 76, update to version 76 or later.

Exploit

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

ALT-PU-2020-1915

ALT-PU-2020-1932

ALT-PU-2020-1943

ALT-PU-2020-3442

ALT-PU-2021-3368

BDU:2020-03822

CVE-2020-12388

OPENSUSE-SU-2020:0621-1

OPENSUSE-SU-2020_0621-1

OPENSUSE-SU-2024:10600-1

OPENSUSE-SU-2024:14572-1

SUSE-SU-2020:1209-1

SUSE-SU-2020:1218-1

SUSE-SU-2020:14359-1

Affected Products

Alt Linux

Firefox

Suse

PT-2020-3496 · Mozilla+2 · Firefox+2

CVE-2020-12388

Weakness Enumeration

Related Identifiers

Affected Products

References · 1905