PT-2020-3497 · Mozilla+2 · Firefox+2

Niklas Baumstark

Published

2020-05-05

Updated

2024-12-12

CVE-2020-12389

CVSS v3.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 76 Firefox ESR versions prior to 68.8

Description The issue is related to insufficient access control lockdown in Firefox content processes, which could result in a sandbox escape. This problem only affects Firefox on Windows operating systems. The vulnerability is associated with inadequate input validation, potentially allowing a remote attacker to execute arbitrary code.

Recommendations For Firefox versions prior to 76, update to version 76 or later to resolve the issue. For Firefox ESR versions prior to 68.8, update to version 68.8 or later to resolve the issue.

Exploit

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

ALT-PU-2020-1915

ALT-PU-2020-1932

ALT-PU-2020-1943

ALT-PU-2020-3442

ALT-PU-2021-3368

BDU:2020-03823

CVE-2020-12389

OPENSUSE-SU-2020:0621-1

OPENSUSE-SU-2020_0621-1

OPENSUSE-SU-2024:10600-1

OPENSUSE-SU-2024:14572-1

SUSE-SU-2020:1209-1

SUSE-SU-2020:1218-1

SUSE-SU-2020:14359-1

Affected Products

Alt Linux

Firefox

Suse

PT-2020-3497 · Mozilla+2 · Firefox+2

CVE-2020-12389

Weakness Enumeration

Related Identifiers

Affected Products

References · 1899