PT-2020-6746 · Mozilla+6 · Firefox+8

Mikhail Oblozhikhin

·

Published

2020-07-28

·

Updated

2024-12-12

·

CVE-2020-15652

CVSS v2.0

7.8

High

VectorAV:N/AC:L/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions Mozilla Firefox versions prior to 79 Mozilla Firefox ESR versions prior to 78.1 Thunderbird versions prior to 78.1
Description The issue is related to information leakage in error messages. It allows a remote attacker to disclose protected information by observing the stack trace for JavaScript errors in web workers, specifically when content can be parsed as script.
Recommendations For Mozilla Firefox versions prior to 79, update to version 79 or later to resolve the issue. For Mozilla Firefox ESR versions prior to 78.1, update to version 78.1 or later to resolve the issue. For Thunderbird versions prior to 78.1, update to version 78.1 or later to resolve the issue.

Exploit

Fix

Generation of Error Message Containing Sensitive Information

Origin Validation Error

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-209CWE-346

Related Identifiers

ALT-PU-2020-2466
ALT-PU-2020-2598
ALT-PU-2020-2709
ALT-PU-2020-2933
ALT-PU-2020-2934
ALT-PU-2020-3442
ALT-PU-2021-1368
ALT-PU-2021-1369
ALT-PU-2021-2725
ALT-PU-2021-2881
ALT-PU-2021-3368
ALT-PU-2021-3369
ALT-PU-2022-1781
BDU:2022-05935
CESA-2020_3233
CESA-2020_3241
CESA-2020_3253
CESA-2020_3341
CESA-2020_3344
CESA-2020_3345
CVE-2020-15652
DLA-2297-1
DLA-2310-1
DSA-4736-1
DSA-4740-1
MGASA-2020-0318
MGASA-2020-0320
OPENSUSE-SU-2020:1147-1
OPENSUSE-SU-2020:1155-1
OPENSUSE-SU-2020:1179-1
OPENSUSE-SU-2020:1189-1
OPENSUSE-SU-2020:1205-1
OPENSUSE-SU-2020_1147-1
OPENSUSE-SU-2020_1155-1
OPENSUSE-SU-2020_1179-1
OPENSUSE-SU-2020_1189-1
OPENSUSE-SU-2020_1205-1
OPENSUSE-SU-2024:10600-1
OPENSUSE-SU-2024:10601-1
OPENSUSE-SU-2024:14572-1
RHSA-2020:3229
RHSA-2020:3233
RHSA-2020:3241
RHSA-2020:3253
RHSA-2020:3254
RHSA-2020:3341
RHSA-2020:3342
RHSA-2020:3343
RHSA-2020:3344
RHSA-2020:3345
RHSA-2020_3233
RHSA-2020_3241
RHSA-2020_3253
RHSA-2020_3341
RHSA-2020_3344
RHSA-2020_3345
SUSE-SU-2020:14456-1
SUSE-SU-2020:2100-1
SUSE-SU-2020:2118-1
SUSE-SU-2020:2147-1
SUSE-SU-2020:2179-1
USN-4443-1

Affected Products

Alt Linux
Centos
Linuxmint
Firefox
Firefox Esr
Red Hat
Suse
Thunderbird
Ubuntu