Mozilla Firefox is a product of the Mozilla Foundation. It is an open-source web browser with a fast engine and a low memory footprint. Firefox has been selected by the media as the best browser of the year since 2005.
On November 17, Mozilla released an emergency security update, Firefox 83 and Firefox ESR 78.5 (the enterprise edition), which mainly fixes important vulnerabilities such as arbitrary code execution and cross-site scripting discovered in previous versions. The details of the vulnerabilities follow:
Vulnerability details
1. CVE-2020-26968, CVE-2020-26969 Severity: high
Memory safety vulnerabilities exist in Firefox 82 and Firefox ESR 78.4 that allow attackers to execute arbitrary code.
2. CVE-2020-26951 Severity: high
A mismatch between parsing and event loading in Firefox's SVG code may cause load events to fire even after sanitization. An attacker who is already able to exploit an XSS vulnerability in privileged internal pages can use this to bypass the built-in sanitizer.
3. CVE-2020-26952 Severity: high
Incorrect accounting of functions inlined during JIT compilation may cause memory corruption, and may lead to exploitable crashes when handling out-of-memory errors.
4. CVE-2020-26956 Severity: medium
In some cases, removing HTML elements during sanitization keeps the existing SVG event handlers, which leads to cross-site scripting (XSS). XSS attacks usually exploit flaws left in during web development: malicious code is injected into a web page so that the user loads and executes a page crafted by the attacker.
5. CVE-2020-16012 Severity: medium
When drawing a transparent image on top of an unknown cross-origin image, the drawImage function of the Skia library takes a variable amount of time, depending on the content of the underlying image. This leads to cross-origin exposure of image content through timing side-channel attacks.
Affected products and versions
The above vulnerabilities affect Firefox v82 and earlier, and Firefox ESR 78.4 and earlier.
Solution
Mozilla has released a security update. Upgrading to Firefox v83 or Firefox ESR 78.5 fixes these vulnerabilities.
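As an added example (not from Mozilla or the original article), the following Python check classifies `firefox --version` output against the fixed versions named above, handling the release and ESR branches separately. The host names and sample version lines are constructed for illustration, and the script assumes ESR builds report an `esr` suffix in their version string.

```python
import re

# Fixed versions taken from the article: Firefox 83 and Firefox ESR 78.5.
FIXED_RELEASE = (83, 0)
FIXED_ESR = (78, 5)

# Matches the version token in `firefox --version` output,
# e.g. "Mozilla Firefox 82.0.3" or "Mozilla Firefox 78.4.1esr".
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)(?:\.\d+)*(esr)?\b", re.IGNORECASE)


def classify(version_line):
    """Return 'patched', 'vulnerable' or 'unknown' for one version string."""
    m = VERSION_RE.search(version_line)
    if not m:
        return "unknown"
    version = (int(m.group(1)), int(m.group(2)))
    # ESR builds are compared against the ESR fix, not the release fix:
    # 78.5.0esr is patched even though 78 < 83.
    fixed = FIXED_ESR if m.group(3) else FIXED_RELEASE
    return "patched" if version >= fixed else "vulnerable"


def audit(inventory):
    """Map each host to its status; inventory is (host, version output) pairs."""
    return {host: classify(line) for host, line in inventory}


def needs_attention(inventory):
    """Hosts that are vulnerable or whose version could not be determined."""
    return sorted(h for h, s in audit(inventory).items() if s != "patched")


# Constructed sample inventory (hypothetical hosts and outputs).
SAMPLE_INVENTORY = [
    ("ws-01", "Mozilla Firefox 82.0.3"),
    ("ws-02", "Mozilla Firefox 83.0"),
    ("ws-03", "Mozilla Firefox 78.4.1esr"),
    ("ws-04", "Mozilla Firefox 78.5.0esr"),
    ("ws-05", "firefox: command not found"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```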
For more vulnerability information and upgrades, please visit the official website:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/