Severity

Medium

Analysis Summary

CVE-2020-26969

Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.

CVE-2020-26967

Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by an error when listening for page changes with a Mutation Observer. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to break or confuse Firefox Screenshots feature.

CVE-2020-26966

Mozilla Firefox could allow a remote attacker to obtain sensitive information, caused by the broadcasting of single-word queries to a local network. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to obtain sensitive information.

CVE-2020-26956

Mozilla Firefox is vulnerable to cross-site scripting, caused by improper validation of user-supplied input when removing HTML elements. A remote attacker could exploit this vulnerability using paste (manual and clipboard API) in a specially-crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.

Impact

• Execute arbitrary code 
• Security Bypass 
• Information disclosure
• Cross-site scripting

Affected Vendors

Mozilla

Affected Products

Mozilla Firefox 82.0.2

Remediation

Users are advised to update to the latest version of the Mozilla Firefox.