CVE-2020-12405
published 2020-07-09CVE-2020-12405: When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash. This vulnerability affects…
PriorityP422medium5.3CVSS 3.1
AVNACHPRNUIRSUCNINAH
EPSS
1.35%
68.2th percentile
When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.
Affected
24 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | firefox | < firefox 77.0-1 (sid) | firefox 77.0-1 (sid) |
| debian | firefox-esr | < firefox 77.0-1 (sid) | firefox 77.0-1 (sid) |
| debian | thunderbird | < firefox 77.0-1 (sid) | firefox 77.0-1 (sid) |
| mozilla | firefox | < 77.0 | 77.0 |
| mozilla | firefox | — | — |
| mozilla | firefox | >= 0 < 77.0.1+build1-0ubuntu0.16.04.1 | 77.0.1+build1-0ubuntu0.16.04.1 |
| mozilla | firefox | >= 0 < 77.0.1+build1-0ubuntu0.18.04.1 | 77.0.1+build1-0ubuntu0.18.04.1 |
| mozilla | firefox | >= 0 < 77.0.1+build1-0ubuntu0.20.04.1 | 77.0.1+build1-0ubuntu0.20.04.1 |
| mozilla | firefox | >= unspecified < 77 | 77 |
| mozilla | firefox_esr | < 68.9.0 | 68.9.0 |
| mozilla | firefox_esr | >= unspecified < 68.9 | 68.9 |
| mozilla | thunderbird | < 68.9.0 | 68.9.0 |
| mozilla | thunderbird | >= 0 < 1:68.9.0-1 | 1:68.9.0-1 |
| mozilla | thunderbird | >= 0 < 1:68.9.0-1 | 1:68.9.0-1 |
| mozilla | thunderbird | >= 0 < 1:68.9.0-1 | 1:68.9.0-1 |
| mozilla | thunderbird | >= 0 < 1:68.9.0-1 | 1:68.9.0-1 |
| mozilla | thunderbird | >= 0 < 1:68.10.0+build1-0ubuntu0.16.04.1 | 1:68.10.0+build1-0ubuntu0.16.04.1 |
| mozilla | thunderbird | >= 0 < 1:68.10.0+build1-0ubuntu0.18.04.1 | 1:68.10.0+build1-0ubuntu0.18.04.1 |
| mozilla | thunderbird | >= 0 < 1:68.10.0+build1-0ubuntu0.20.04.1 | 1:68.10.0+build1-0ubuntu0.20.04.1 |
| mozilla | thunderbird | >= unspecified < 68.9.0 | 68.9.0 |
CVSS provenance
nvdv3.15.3MEDIUMCVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
nvdv2.02.6LOWAV:N/AC:H/Au:N/C:N/I:N/A:P
osv7.5HIGH
vendor_ubuntu7.5HIGH
vendor_debian5.3MEDIUM
vendor_redhat5.3MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
Thunderbird vulnerabilities
vendor_ubuntu·2020-07-08·CVSS 7.5
CVE-2020-12398 [HIGH] Thunderbird vulnerabilities
Title: Thunderbird vulnerabilities
Summary: Several security issues were fixed in Thunderbird.
Multiple security issues were discovered in Thunderbird. If a user were
tricked in to opening a specially crafted website in a browsing context,
an attacker could potentially exploit these to cause a denial of service,
obtain sensitive information, or execute arbtirary code. (CVE-2020-12405,
CVE-2020-12406, CVE-2020-12410, CVE-2020-12417, CVE-2020-12418,
CVE-2020-12419, CVE-2020-12420)
It was discovered that Thunderbird would continue an unencrypted
connection when configured to use STARTTLS for IMAP if the server
responded with PREAUTH. A remote attacker could potentially exploit
this to perform a person-in-the-middle attack in order to obtain
sensitive information. (CVE-2020-12398)
It was d
Ubuntu
Firefox vulnerabilities
vendor_ubuntu·2020-06-04·CVSS 4.4
CVE-2020-12399 [MEDIUM] Firefox vulnerabilities
Title: Firefox vulnerabilities
Summary: Firefox could be made to crash or run programs as your login if it
opened a malicious website.
Multiple security issues were discovered in Firefox. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, spoof the
addressbar, or execute arbitrary code. (CVE-2020-12405, CVE-2020-12406,
CVE-2020-12407, CVE-2020-12408, CVE-2020-12409, CVE-2020-12410,
CVE-2020-12411)
It was discovered that NSS showed timing differences when performing DSA
signatures. An attacker could potentially exploit this to obtain private
keys using a timing attack. (CVE-2020-12399)
Instructions: After a standard system update you need to restart Firefox to make
all the necessary changes.
Red Hat
Mozilla: Use-after-free in SharedWorkerService
vendor_redhat·2020-06-02·CVSS 5.3
CVE-2020-12405 [MEDIUM] CWE-416 Mozilla: Use-after-free in SharedWorkerService
Mozilla: Use-after-free in SharedWorkerService
When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.
The Mozilla Foundation Security Advisory describes this flaw as:
When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash.
Package: firefox (Red Hat Enterprise Linux 5) - Out of support scope
Package: thunderbird (Red Hat Enterprise Linux 5) - Out of support scope
Debian
CVE-2020-12405: firefox - When browsing a malicious page, a race condition in our SharedWorkerService coul...
vendor_debian·2020·CVSS 5.3
CVE-2020-12405 [MEDIUM] CVE-2020-12405: firefox - When browsing a malicious page, a race condition in our SharedWorkerService coul...
When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.
Scope: local
sid: resolved (fixed in 77.0-1)
Mozilla
Mozilla Foundation Security Advisory 2020-22: CVE-2020-12405
vendor_mozilla·CVSS 5.3
CVE-2020-12405 [MEDIUM] Mozilla Foundation Security Advisory 2020-22: CVE-2020-12405
Mozilla Foundation Security Advisory 2020-22
CVE: CVE-2020-12405
Product: Thunderbird
Impact: high
Fixed in: Thunderbird 68.9
Mozilla
Mozilla Foundation Security Advisory 2020-20: CVE-2020-12405
vendor_mozilla·CVSS 5.3
CVE-2020-12405 [MEDIUM] Mozilla Foundation Security Advisory 2020-20: CVE-2020-12405
Mozilla Foundation Security Advisory 2020-20
CVE: CVE-2020-12405
Product: Firefox
Impact: high
Fixed in: Firefox 77
Mozilla
Mozilla Foundation Security Advisory 2020-21: CVE-2020-12405
vendor_mozilla·CVSS 5.3
CVE-2020-12405 [MEDIUM] Mozilla Foundation Security Advisory 2020-21: CVE-2020-12405
Mozilla Foundation Security Advisory 2020-21
CVE: CVE-2020-12405
Product: Firefox ESR
Impact: high
Fixed in: Firefox ESR 68.9
GHSA
GHSA-7768-mfm4-9cmv: When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash
ghsa_unreviewed·2022-05-24
CVE-2020-12405 [LOW] CWE-362 GHSA-7768-mfm4-9cmv: When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash
When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.
OSV
CVE-2020-12405: When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash
osv·2020-07-09·CVSS 5.3
CVE-2020-12405 [MEDIUM] CVE-2020-12405: When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash
When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.
OSV
thunderbird vulnerabilities
osv·2020-07-08·CVSS 7.5
CVE-2020-12405 [HIGH] thunderbird vulnerabilities
thunderbird vulnerabilities
Multiple security issues were discovered in Thunderbird. If a user were
tricked in to opening a specially crafted website in a browsing context,
an attacker could potentially exploit these to cause a denial of service,
obtain sensitive information, or execute arbtirary code. (CVE-2020-12405,
CVE-2020-12406, CVE-2020-12410, CVE-2020-12417, CVE-2020-12418,
CVE-2020-12419, CVE-2020-12420)
It was discovered that Thunderbird would continue an unencrypted
connection when configured to use STARTTLS for IMAP if the server
responded with PREAUTH. A remote attacker could potentially exploit
this to perform a person-in-the-middle attack in order to obtain
sensitive information. (CVE-2020-12398)
It was discovered that NSS showed timing differences when performing DSA
sig
OSV
firefox vulnerabilities
osv·2020-06-04·CVSS 4.4
CVE-2020-12405 [MEDIUM] firefox vulnerabilities
firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, spoof the
addressbar, or execute arbitrary code. (CVE-2020-12405, CVE-2020-12406,
CVE-2020-12407, CVE-2020-12408, CVE-2020-12409, CVE-2020-12410,
CVE-2020-12411)
It was discovered that NSS showed timing differences when performing DSA
signatures. An attacker could potentially exploit this to obtain private
keys using a timing attack. (CVE-2020-12399)
No detection rules found.
Exploit-DB
b2evolution 6.11.6 - 'tab3' Reflected XSS
exploitdb·2021-02-11·CVSS 6.1
CVE-2020-22839 [MEDIUM] b2evolution 6.11.6 - 'tab3' Reflected XSS
b2evolution 6.11.6 - 'tab3' Reflected XSS
---
# Exploit Title: b2evolution 6.11.6 - 'tab3' Reflected XSS
# CVE: CVE-2020-22839
# Date: 10/02/2021
# Exploit Author: Nakul Ratti, Soham Bakore
# Vendor Homepage: https://b2evolution.net/
# Software Link: https://b2evolution.net/downloads/6-11-6-stable?download=12405
# Version: 6.11.6
# Tested on: latest version of Chrome, Firefox on Windows and Linux
--------------------------Proof of Concept-----------------------
Steps to Reproduce:
1. Send the following URL http://HOST/evoadm.php?.ctrl=comments&filter=restore&tab3=123%22onmouseover=%22alert(document.domain)%22&blog=1&blog=1 to the logged in victim using any social engineering technique.
2. When an unsuspecting user with high privileges opens this URL, XSS will be triggered which will e
Exploit-DB
b2evolution 6.11.6 - 'redirect_to' Open Redirect
exploitdb·2021-02-11·CVSS 6.1
CVE-2020-22840 [MEDIUM] b2evolution 6.11.6 - 'redirect_to' Open Redirect
b2evolution 6.11.6 - 'redirect_to' Open Redirect
---
# Exploit Title: b2evolution 6.11.6 - 'redirect_to' Open Redirect
# Date: 10/02/2021
# Exploit Author: Soham Bakore, Nakul Ratti
# Vendor Homepage: https://b2evolution.net/
# Software Link: https://b2evolution.net/downloads/6-11-6-stable?download=12405
# Version: 6.11.6
# Tested on: latest version of Chrome, Firefox on Windows and Linux
# CVE : CVE-2020-22840
--------------------------Proof of Concept-----------------------
1. Send the following link : http://127.0.0.1/htsrv/email_passthrough.php?email_ID=1&type=link&email_key=5QImTaEHxmAzNYyYvENAtYHsFu7fyotR&redirect_to=http%3A%2F%2Fgoogle.com to the unsuspecting user
2. The user will be redirected to Google.com or any other attacker controlled domain
3. This can be used to perfor
Exploit-DB
b2evolution 6.11.6 - 'plugin name' Stored XSS
exploitdb·2021-02-10·CVSS 4.8
CVE-2020-22841 [MEDIUM] b2evolution 6.11.6 - 'plugin name' Stored XSS
b2evolution 6.11.6 - 'plugin name' Stored XSS
---
# Exploit Title: b2evolution 6.11.6 - 'plugin name' Stored XSS
# Date: 09/02/2021
# Exploit Author: Soham Bakore, Nakul Ratti
# Vendor Homepage: https://b2evolution.net/
# Software Link: https://b2evolution.net/downloads/6-11-6-stable?download=12405
# Version: 6.11.6
# Tested on: latest version of Chrome, Firefox on Windows and Linux
# CVE : CVE-2020-22841
--------------------------Proof of Concept-----------------------
1. Login with an account having high privileges
2. Navigate to System -> Plugins and select any plugin
3. Change the plugin name and enter the following payload "> in the name parameter
4. Payload gets stored in the database
5. The payload gets executed after the victim checks the plugin page.
6. This vulnerability nee
Talos
Vulnerability Spotlight: Remote code execution vulnerability in Firefox’s SharedWorkerService function
blogs_talos·2020-06-10·CVSS 5.3
[MEDIUM] Vulnerability Spotlight: Remote code execution vulnerability in Firefox’s SharedWorkerService function
Marcin “Icewall” Noga of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw.
The Mozilla Firefox web browser contains a vulnerability in its SharedWorkerService function that could allow an attacker to gain the ability to remotely execute code on a target’s machine. This
vulnerability can be triggered if the user visits a malicious web page. The attacker can design this page in a way that it would cause a race condition, eventually leading to a use-after-free vulnerability and remote code execution.
In accordance with our coordinated disclosure policy, Cisco Talos worked with Mozilla to ensure that these issues are resolved and that an update is available for affected customers.
### Vulnerability detailsMozilla Firefox SharedWorkerService code execution vulnerability (TALOS
Bugzilla
CVE-2020-12405 Mozilla: Use-after-free in SharedWorkerService
bugzilla·2020-06-03·CVSS 5.3
CVE-2020-12405 [MEDIUM] CVE-2020-12405 Mozilla: Use-after-free in SharedWorkerService
CVE-2020-12405 Mozilla: Use-after-free in SharedWorkerService
When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash.
External Reference:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-21/#CVE-2020-12405
Discussion:
Acknowledgments:
Name: the Mozilla project
Upstream: Marcin 'Icewall' Noga (Cisco Talos)
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2020:2379 https://access.redhat.com/errata/RHSA-2020:2379
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8.1 Extended Update Support
Via RHSA-2020:2380 https://access.redhat.com/errata/RHSA-2020:2380
---
This issue has been addressed in the following pr
Bugzilla
CVE-2020-12410 Mozilla: Memory safety bugs fixed in Firefox 77 and Firefox ESR 68.9
bugzilla·2020-06-02·CVSS 5.3
CVE-2020-12410 [MEDIUM] CVE-2020-12410 Mozilla: Memory safety bugs fixed in Firefox 77 and Firefox ESR 68.9
CVE-2020-12410 Mozilla: Memory safety bugs fixed in Firefox 77 and Firefox ESR 68.9
Mozilla developers reported memory safety bugs present in Firefox 76 and Firefox ESR 68.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
External Reference:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-21/#CVE-2020-12405
Discussion:
Acknowledgments:
Name: the Mozilla project
Upstream: Tom Tung and Karl Tomlinson
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2020:2379 https://access.redhat.com/errata/RHSA-2020:2379
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8.1 Extended Update S
https://bugzilla.mozilla.org/show_bug.cgi?id=1631618https://usn.ubuntu.com/4421-1/https://www.mozilla.org/security/advisories/mfsa2020-20/https://www.mozilla.org/security/advisories/mfsa2020-21/https://www.mozilla.org/security/advisories/mfsa2020-22/https://bugzilla.mozilla.org/show_bug.cgi?id=1631618https://usn.ubuntu.com/4421-1/https://www.mozilla.org/security/advisories/mfsa2020-20/https://www.mozilla.org/security/advisories/mfsa2020-21/https://www.mozilla.org/security/advisories/mfsa2020-22/
2020-07-09
Published