CVE-2020-12418
published 2020-07-09CVE-2020-12418: Manipulating individual parts of a URL object could have caused an out-of-bounds read, leaking process memory to malicious JavaScript. This vulnerability…
PriorityP430medium6.5CVSS 3.1
AVNACLPRNUIRSUCHINAN
EPSS
3.03%
85.9th percentile
Manipulating individual parts of a URL object could have caused an out-of-bounds read, leaking process memory to malicious JavaScript. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0.
Affected
27 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | tomcat | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | firefox | < firefox 78.0-1 (sid) | firefox 78.0-1 (sid) |
| debian | firefox-esr | < firefox 78.0-1 (sid) | firefox 78.0-1 (sid) |
| debian | thunderbird | < firefox 78.0-1 (sid) | firefox 78.0-1 (sid) |
| mozilla | firefox | < 78.0 | 78.0 |
| mozilla | firefox | — | — |
| mozilla | firefox | >= 0 < 78.0.1+build1-0ubuntu0.16.04.1 | 78.0.1+build1-0ubuntu0.16.04.1 |
| mozilla | firefox | >= 0 < 78.0.1+build1-0ubuntu0.18.04.1 | 78.0.1+build1-0ubuntu0.18.04.1 |
| mozilla | firefox | >= 0 < 78.0.1+build1-0ubuntu0.20.04.1 | 78.0.1+build1-0ubuntu0.20.04.1 |
| mozilla | firefox | >= unspecified < 78 | 78 |
| mozilla | firefox_esr | < 68.10 | 68.10 |
| mozilla | firefox_esr | >= unspecified < 68.10 | 68.10 |
| mozilla | thunderbird | < 68.10.0 | 68.10.0 |
| mozilla | thunderbird | >= 0 < 1:68.10.0-1 | 1:68.10.0-1 |
| mozilla | thunderbird | >= 0 < 1:68.10.0-1 | 1:68.10.0-1 |
| mozilla | thunderbird | >= 0 < 1:68.10.0-1 | 1:68.10.0-1 |
| mozilla | thunderbird | >= 0 < 1:68.10.0-1 | 1:68.10.0-1 |
| mozilla | thunderbird | >= 0 < 1:68.10.0+build1-0ubuntu0.16.04.1 | 1:68.10.0+build1-0ubuntu0.16.04.1 |
| mozilla | thunderbird | >= 0 < 1:68.10.0+build1-0ubuntu0.18.04.1 | 1:68.10.0+build1-0ubuntu0.18.04.1 |
| mozilla | thunderbird | >= 0 < 1:68.10.0+build1-0ubuntu0.20.04.1 | 1:68.10.0+build1-0ubuntu0.20.04.1 |
| mozilla | thunderbird | >= unspecified < 68.10.0 | 68.10.0 |
CVSS provenance
nvdv3.16.5MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:P/I:N/A:N
osv7.5HIGH
vendor_ubuntu7.5HIGH
vendor_apache7.0HIGH
vendor_debian6.5MEDIUM
vendor_redhat6.5MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
Thunderbird vulnerabilities
vendor_ubuntu·2020-07-08·CVSS 7.5
CVE-2020-12398 [HIGH] Thunderbird vulnerabilities
Title: Thunderbird vulnerabilities
Summary: Several security issues were fixed in Thunderbird.
Multiple security issues were discovered in Thunderbird. If a user were
tricked in to opening a specially crafted website in a browsing context,
an attacker could potentially exploit these to cause a denial of service,
obtain sensitive information, or execute arbtirary code. (CVE-2020-12405,
CVE-2020-12406, CVE-2020-12410, CVE-2020-12417, CVE-2020-12418,
CVE-2020-12419, CVE-2020-12420)
It was discovered that Thunderbird would continue an unencrypted
connection when configured to use STARTTLS for IMAP if the server
responded with PREAUTH. A remote attacker could potentially exploit
this to perform a person-in-the-middle attack in order to obtain
sensitive information. (CVE-2020-12398)
It was d
Ubuntu
Firefox vulnerabilities
vendor_ubuntu·2020-07-02·CVSS 6.5
CVE-2020-12420 [MEDIUM] Firefox vulnerabilities
Title: Firefox vulnerabilities
Summary: Firefox could be made to crash or run programs as your login if it
opened a malicious website.
Multiple security issues were discovered in Firefox. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information, bypass permission prompts, or execute arbitrary code.
(CVE-2020-12415, CVE-2020-12416, CVE-2020-12417, CVE-2020-12418,
CVE-2020-12419, CVE-2020-12420, CVE-2020-12422, CVE-2020-12424,
CVE-2020-12425, CVE-2020-12426)
It was discovered that when performing add-on updates, certificate chains
not terminating with built-in roots were silently rejected. This could
result in add-ons becoming outdated. (CVE-2020-12421)
Instructions: After a st
Red Hat
Mozilla: Information disclosure due to manipulated URL object
vendor_redhat·2020-06-30·CVSS 6.5
CVE-2020-12418 [MEDIUM] CWE-200 Mozilla: Information disclosure due to manipulated URL object
Mozilla: Information disclosure due to manipulated URL object
Manipulating individual parts of a URL object could have caused an out-of-bounds read, leaking process memory to malicious JavaScript. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0.
The Mozilla Foundation Security Advisory describes this flaw as:
Manipulating individual parts of a URL object could have caused an out-of-bounds read, leaking process memory to malicious JavaScript.
Package: firefox (Red Hat Enterprise Linux 5) - Out of support scope
Package: thunderbird (Red Hat Enterprise Linux 5) - Out of support scope
Debian
CVE-2020-12418: firefox - Manipulating individual parts of a URL object could have caused an out-of-bounds...
vendor_debian·2020·CVSS 6.5
CVE-2020-12418 [MEDIUM] CVE-2020-12418: firefox - Manipulating individual parts of a URL object could have caused an out-of-bounds...
Manipulating individual parts of a URL object could have caused an out-of-bounds read, leaking process memory to malicious JavaScript. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0.
Scope: local
sid: resolved (fixed in 78.0-1)
Mozilla
Mozilla Foundation Security Advisory 2020-25: CVE-2020-12418
vendor_mozilla·CVSS 6.5
CVE-2020-12418 [MEDIUM] Mozilla Foundation Security Advisory 2020-25: CVE-2020-12418
Mozilla Foundation Security Advisory 2020-25
CVE: CVE-2020-12418
Product: Firefox ESR
Impact: moderate
Fixed in: Firefox ESR 68.10
Mozilla
Mozilla Foundation Security Advisory 2020-29: CVE-2020-12418
vendor_mozilla·CVSS 6.5
CVE-2020-12418 [MEDIUM] Mozilla Foundation Security Advisory 2020-29: CVE-2020-12418
Mozilla Foundation Security Advisory 2020-29
CVE: CVE-2020-12418
Product: Thunderbird
Impact: high
Fixed in: Thunderbird 78
Mozilla
Mozilla Foundation Security Advisory 2020-24: CVE-2020-12418
vendor_mozilla·CVSS 6.5
CVE-2020-12418 [MEDIUM] Mozilla Foundation Security Advisory 2020-24: CVE-2020-12418
Mozilla Foundation Security Advisory 2020-24
CVE: CVE-2020-12418
Product: Firefox
Impact: high
Fixed in: Firefox 78
Mozilla
Mozilla Foundation Security Advisory 2020-26: CVE-2020-12418
vendor_mozilla·CVSS 6.5
CVE-2020-12418 [MEDIUM] Mozilla Foundation Security Advisory 2020-26: CVE-2020-12418
Mozilla Foundation Security Advisory 2020-26
CVE: CVE-2020-12418
Product: Thunderbird
Impact: moderate
Fixed in: Thunderbird 68.10
Apache
Apache tomcat: CVE-2019-12418
vendor_apache·CVSS 7.0
CVE-2019-12418 [HIGH] Apache tomcat: CVE-2019-12418
Apache tomcat: CVE-2019-12418
When Tomcat is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and gain complete control over the Tomcat instance. The JMX Remote Lifecycle Listener will be deprecated in future Tomcat releases, will be removed for Tomcat 10 and may be removed from all Tomcat releases some time after 31 December 2020. Users should also be aware of
GHSA
GHSA-wqm8-hxqc-qwpc: Manipulating individual parts of a URL object could have caused an out-of-bounds read, leaking process memory to malicious JavaScript
ghsa_unreviewed·2022-05-24
CVE-2020-12418 [MEDIUM] CWE-125 GHSA-wqm8-hxqc-qwpc: Manipulating individual parts of a URL object could have caused an out-of-bounds read, leaking process memory to malicious JavaScript
Manipulating individual parts of a URL object could have caused an out-of-bounds read, leaking process memory to malicious JavaScript. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0.
OSV
CVE-2020-12418: Manipulating individual parts of a URL object could have caused an out-of-bounds read, leaking process memory to malicious JavaScript
osv·2020-07-09·CVSS 6.5
CVE-2020-12418 [MEDIUM] CVE-2020-12418: Manipulating individual parts of a URL object could have caused an out-of-bounds read, leaking process memory to malicious JavaScript
Manipulating individual parts of a URL object could have caused an out-of-bounds read, leaking process memory to malicious JavaScript. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0.
OSV
thunderbird vulnerabilities
osv·2020-07-08·CVSS 7.5
CVE-2020-12405 [HIGH] thunderbird vulnerabilities
thunderbird vulnerabilities
Multiple security issues were discovered in Thunderbird. If a user were
tricked in to opening a specially crafted website in a browsing context,
an attacker could potentially exploit these to cause a denial of service,
obtain sensitive information, or execute arbtirary code. (CVE-2020-12405,
CVE-2020-12406, CVE-2020-12410, CVE-2020-12417, CVE-2020-12418,
CVE-2020-12419, CVE-2020-12420)
It was discovered that Thunderbird would continue an unencrypted
connection when configured to use STARTTLS for IMAP if the server
responded with PREAUTH. A remote attacker could potentially exploit
this to perform a person-in-the-middle attack in order to obtain
sensitive information. (CVE-2020-12398)
It was discovered that NSS showed timing differences when performing DSA
sig
OSV
firefox vulnerabilities
osv·2020-07-02·CVSS 6.5
CVE-2020-12415 [MEDIUM] firefox vulnerabilities
firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information, bypass permission prompts, or execute arbitrary code.
(CVE-2020-12415, CVE-2020-12416, CVE-2020-12417, CVE-2020-12418,
CVE-2020-12419, CVE-2020-12420, CVE-2020-12422, CVE-2020-12424,
CVE-2020-12425, CVE-2020-12426)
It was discovered that when performing add-on updates, certificate chains
not terminating with built-in roots were silently rejected. This could
result in add-ons becoming outdated. (CVE-2020-12421)
No detection rules found.
No public exploits indexed.
Talos
Vulnerability Spotlight: Information disclosure vulnerability in Mozilla Firefox
blogs_talos·2020-07-01·CVSS 6.5
[MEDIUM] Vulnerability Spotlight: Information disclosure vulnerability in Mozilla Firefox
## Vulnerability Spotlight: Information disclosure vulnerability in Mozilla Firefox
Cisco Talos recently discovered an information disclosure vulnerability in Mozilla Firefox. An attacker can exploit this bug by tricking a user into visiting a specially crafted web page through the browser. If
successful, the adversary could use leaked memory to bypass ASLR and, in combination with other vulnerabilities, obtain the ability to execute arbitrary code.
In accordance with our coordinated disclosure policy, Cisco Talos worked with Mozilla to ensure that these issues are resolved and that an update is available for affected customers.
## Vulnerability details Mozilla Firefox URL mPath information disclosure vulnerability (TALOS-2020-1088/CVE-2020-12418)
An information disclosure vulnerabili
Talos
Vulnerability Spotlight: Information disclosure vulnerability in Mozilla Firefox
blogs_talos·2020-07-01·CVSS 6.5
[MEDIUM] Vulnerability Spotlight: Information disclosure vulnerability in Mozilla Firefox
Cisco Talos recently discovered an information disclosure vulnerability in Mozilla Firefox. An attacker can exploit this bug by tricking a user into visiting a specially crafted web page through the browser. If
successful, the adversary could use leaked memory to bypass ASLR and, in combination with other vulnerabilities, obtain the ability to execute arbitrary code.
In accordance with our coordinated disclosure policy, Cisco Talos worked with Mozilla to ensure that these issues are resolved and that an update is available for affected customers.
### Vulnerability detailsMozilla Firefox URL mPath information disclosure vulnerability (TALOS-2020-1088/CVE-2020-12418)
An information disclosure vulnerability exists in the URL mPath functionality of Mozilla Firefox Firefox Nightly Version 7
Bugzilla
CVE-2020-12418 Mozilla: Information disclosure due to manipulated URL object
bugzilla·2020-07-01·CVSS 6.5
CVE-2020-12418 [MEDIUM] CVE-2020-12418 Mozilla: Information disclosure due to manipulated URL object
CVE-2020-12418 Mozilla: Information disclosure due to manipulated URL object
Manipulating individual parts of a URL object could have caused an out-of-bounds read, leaking process memory to malicious JavaScript.
External Reference:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-25/#CVE-2020-12418
Discussion:
Acknowledgments:
Name: the Mozilla project
Upstream: Marcin 'Icewall' Noga (Cisco Talos)
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions
Via RHSA-2020:2825 https://access.redhat.com/errata/RHSA-2020:2825
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6
Via RHSA-2020:2824 https://access.redhat.com/errata/RHSA-2020:2824
---
This issue has been ad
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00023.htmlhttp://lists.opensuse.org/opensuse-security-announce/2020-07/msg00026.htmlhttp://lists.opensuse.org/opensuse-security-announce/2020-07/msg00027.htmlhttp://lists.opensuse.org/opensuse-security-announce/2020-07/msg00049.htmlhttps://bugzilla.mozilla.org/show_bug.cgi?id=1641303https://security.gentoo.org/glsa/202007-09https://security.gentoo.org/glsa/202007-10https://usn.ubuntu.com/4421-1/https://www.mozilla.org/security/advisories/mfsa2020-24/https://www.mozilla.org/security/advisories/mfsa2020-25/https://www.mozilla.org/security/advisories/mfsa2020-26/http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00023.htmlhttp://lists.opensuse.org/opensuse-security-announce/2020-07/msg00026.htmlhttp://lists.opensuse.org/opensuse-security-announce/2020-07/msg00027.htmlhttp://lists.opensuse.org/opensuse-security-announce/2020-07/msg00049.htmlhttps://bugzilla.mozilla.org/show_bug.cgi?id=1641303https://security.gentoo.org/glsa/202007-09https://security.gentoo.org/glsa/202007-10https://usn.ubuntu.com/4421-1/https://www.mozilla.org/security/advisories/mfsa2020-24/https://www.mozilla.org/security/advisories/mfsa2020-25/https://www.mozilla.org/security/advisories/mfsa2020-26/
2020-07-09
Published