CVE-2020-12390 — Deserialization of Untrusted Data in Mozilla Firefox

CWE-502 — Deserialization of Untrusted Data11 documents8 sources

Severity

9.8CRITICALNVD

OSV8.1

EPSS

1.5%

top 19.03%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Debian Firefox

Timeline

PublishedMay 26

Latest updateMay 24

Description

Incorrect origin serialization of URLs with IPv6 addresses could lead to incorrect security checks. This vulnerability affects Firefox < 76.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages5 packages

▶debiandebian/firefox< firefox 76.0-1 (sid)

▶CVEListV5mozilla/firefoxunspecified — 76

▶NVDmozilla/firefox< 76.0

▶Ubuntumozilla/firefox< 76.0.1+build1-0ubuntu0.16.04.1+5

▶mozillamozilla/firefox

🔴Vulnerability Details

GHSA

GHSA-2hhq-96pp-rf56: Incorrect origin serialization of URLs with IPv6 addresses could lead to incorrect security checks↗2022-05-24

▶

OSV

firefox regression↗2020-05-12

▶

OSV

CVE-2020-12390: Incorrect origin serialization of URLs with IPv6 addresses could lead to incorrect security checks↗2020-05-07

▶

OSV

firefox vulnerabilities↗2020-05-07

▶

📋Vendor Advisories

Ubuntu

Firefox regression↗2020-05-12

▶

Ubuntu

Firefox vulnerabilities↗2020-05-07

▶

Red Hat

Mozilla: Incorrect serialization of nsIPrincipal.origin for IPv6 addresses↗2020-05-05

▶

Debian

CVE-2020-12390: firefox - Incorrect origin serialization of URLs with IPv6 addresses could lead to incorre...↗2020

▶

Mozilla

Mozilla Foundation Security Advisory 2020-16: CVE-2020-12390↗

▶

💬Community

Bugzilla

CVE-2020-12390 Mozilla: Incorrect serialization of nsIPrincipal.origin for IPv6 addresses↗2020-05-12

▶