May 9, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Rewterz Threat Advisory – CVE-2020-3977 – VMware Horizon DaaS broken authentication vulnerability
September 22, 2020Rewterz Threat Alert – APT28 Delivers Zebrocy Malware Campaign Using NATO Theme as Lure
September 23, 2020Rewterz Threat Advisory – CVE-2020-3977 – VMware Horizon DaaS broken authentication vulnerability
September 22, 2020Rewterz Threat Alert – APT28 Delivers Zebrocy Malware Campaign Using NATO Theme as Lure
September 23, 2020
Severity
High
Analysis Summary
CVE-2020-15674
Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVE-2020-15678
Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free vulnerability. An iterator may become invalid when recursing through graphical layers while scrolling. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVE-2020-15676
Mozilla Firefox is vulnerable to cross-site scripting, caused by improper validation of user-supplied input when pasting attacker-controlled data into a contenteditable element. A remote attacker could exploit this vulnerability to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVE-2020-15677
Mozilla Firefox could allow a remote attacker to conduct spoofing attacks, using an open redirect vulnerability. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the site displayed in the download file dialog to show the original site.
Impact
- Gain Access
- Denial of service
- Cross-site scripting
Affected Vendors
Mozilla
Affected Products
- Mozilla Firefox 80
- Mozilla Firefox ESR 78.2
Remediation
Refer to Mozilla advisory for the complete list of affected products and their respective patches.
https://www.mozilla.org/en-US/security/advisories/mfsa2020-42/
