CVE-2020-15681
Published 2020-10-22
Priority: P3 · 35 · high · 7.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 1.08% (61.0th percentile)
When multiple WASM threads had a reference to a module, and were looking up exported functions, one WASM thread could have overwritten another's entry in a shared stub table, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 82.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | firefox | < firefox 82.0-1 (sid) | firefox 82.0-1 (sid) |
| mozilla | firefox | < 82.0 | 82.0 |
| mozilla | firefox | — | — |
| mozilla | firefox | >= 0 < 82.0+build2-0ubuntu0.16.04.5 | 82.0+build2-0ubuntu0.16.04.5 |
| mozilla | firefox | >= 0 < 82.0+build2-0ubuntu0.18.04.1 | 82.0+build2-0ubuntu0.18.04.1 |
| mozilla | firefox | >= 0 < 82.0+build2-0ubuntu0.20.04.1 | 82.0+build2-0ubuntu0.20.04.1 |
| mozilla | firefox | >= unspecified < 82 | 82 |
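CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| osv | — | 7.5 | HIGH | — |
| vendor_debian | — | 7.5 | HIGH | — |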
Ubuntu
Firefox vulnerabilities
vendor_ubuntu·2020-10-26
CVE-2020-15680 Firefox vulnerabilities
Title: Firefox vulnerabilities
Summary: Firefox could be made to crash or run programs as your login if it
opened a malicious website.
USN-4599-1 fixed vulnerabilities in Firefox. This update provides the
corresponding updates for Ubuntu 16.04 LTS.
Original advisory details:
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, spoof the prompt
for opening an external application, obtain sensitive information, or execute
arbitrary code.
Instructions: After a standard system update you need to restart Firefox to make
all the necessary changes.
Ubuntu
Firefox vulnerabilities
vendor_ubuntu·2020-10-23
CVE-2020-15680 Firefox vulnerabilities
Title: Firefox vulnerabilities
Summary: Firefox could be made to crash or run programs as your login if it
opened a malicious website.
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, spoof the prompt
for opening an external application, obtain sensitive information, or execute
arbitrary code.
Instructions: After a standard system update you need to restart Firefox to make
all the necessary changes.
Debian
CVE-2020-15681: firefox - When multiple WASM threads had a reference to a module, and were looking up expo...
vendor_debian·2020·CVSS 7.5
CVE-2020-15681 [HIGH] CVE-2020-15681: firefox - When multiple WASM threads had a reference to a module, and were looking up expo...
When multiple WASM threads had a reference to a module, and were looking up exported functions, one WASM thread could have overwritten another's entry in a shared stub table, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 82.
Scope: local
sid: resolved (fixed in 82.0-1)
Mozilla
Mozilla Foundation Security Advisory 2020-45: CVE-2020-15681
vendor_mozilla·CVSS 7.5
CVE-2020-15681 [HIGH] Mozilla Foundation Security Advisory 2020-45: CVE-2020-15681
Mozilla Foundation Security Advisory 2020-45
CVE: CVE-2020-15681
Product: Firefox
Impact: high
Fixed in: Firefox 82
GHSA
GHSA-5fqm-5hwj-59mf: When multiple WASM threads had a reference to a module, and were looking up exported functions, one WASM thread could have overwritten another's entry
ghsa_unreviewed·2022-05-24
CVE-2020-15681 [HIGH] GHSA-5fqm-5hwj-59mf: When multiple WASM threads had a reference to a module, and were looking up exported functions, one WASM thread could have overwritten another's entry
When multiple WASM threads had a reference to a module, and were looking up exported functions, one WASM thread could have overwritten another's entry in a shared stub table, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 82.
OSV
CVE-2020-15681: When multiple WASM threads had a reference to a module, and were looking up exported functions, one WASM thread could have overwritten another's entry
osv·2020-10-22·CVSS 7.5
CVE-2020-15681 [HIGH] CVE-2020-15681: When multiple WASM threads had a reference to a module, and were looking up exported functions, one WASM thread could have overwritten another's entry
When multiple WASM threads had a reference to a module, and were looking up exported functions, one WASM thread could have overwritten another's entry in a shared stub table, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 82.
Suricata
ET WEB_SPECIFIC_APPS DuWare DuNews SQL Injection Attempt -- detail.asp iNews DELETE
suricata·2010-07-30·CVSS 7.5
CVE-2006-6354 [HIGH] ET WEB_SPECIFIC_APPS DuWare DuNews SQL Injection Attempt -- detail.asp iNews DELETE
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS DuWare DuNews SQL Injection Attempt -- detail.asp iNews DELETE"; flow:established,to_server; http.uri; content:"/detail.asp?"; nocase; content:"iNews="; nocase; content:"DELETE"; nocase; content:"FROM"; nocase; distance:0; reference:cve,CVE-2006-6354; reference:url,www.securityfocus.com/bid/15681; classtype:web-application-attack; sid:2006715; rev:10; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_tech
Suricata
ET WEB_SPECIFIC_APPS DuWare DuNews SQL Injection Attempt -- detail.asp iNews UPDATE
suricata·2010-07-30·CVSS 7.5
CVE-2006-6354 [HIGH] ET WEB_SPECIFIC_APPS DuWare DuNews SQL Injection Attempt -- detail.asp iNews UPDATE
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS DuWare DuNews SQL Injection Attempt -- detail.asp iNews UPDATE"; flow:established,to_server; http.uri; content:"/detail.asp?"; nocase; content:"iNews="; nocase; content:"UPDATE"; nocase; content:"SET"; nocase; distance:0; reference:cve,CVE-2006-6354; reference:url,www.securityfocus.com/bid/15681; classtype:web-application-attack; sid:2006717; rev:10; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_techn
Suricata
ET WEB_SPECIFIC_APPS DuWare DuNews SQL Injection Attempt -- detail.asp iNews INSERT
suricata·2010-07-30·CVSS 7.5
CVE-2006-6354 [HIGH] ET WEB_SPECIFIC_APPS DuWare DuNews SQL Injection Attempt -- detail.asp iNews INSERT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS DuWare DuNews SQL Injection Attempt -- detail.asp iNews INSERT"; flow:established,to_server; http.uri; content:"/detail.asp?"; nocase; content:"iNews="; nocase; content:"INSERT"; nocase; content:"INTO"; nocase; distance:0; reference:cve,CVE-2006-6354; reference:url,www.securityfocus.com/bid/15681; classtype:web-application-attack; sid:2006714; rev:10; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_tech
Suricata
ET WEB_SPECIFIC_APPS DuWare DuNews SQL Injection Attempt -- detail.asp iNews ASCII
suricata·2010-07-30·CVSS 7.5
CVE-2006-6354 [HIGH] ET WEB_SPECIFIC_APPS DuWare DuNews SQL Injection Attempt -- detail.asp iNews ASCII
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS DuWare DuNews SQL Injection Attempt -- detail.asp iNews ASCII"; flow:established,to_server; http.uri; content:"/detail.asp?"; nocase; content:"iNews="; nocase; content:"ASCII("; nocase; content:"SELECT"; nocase; distance:0; reference:cve,CVE-2006-6354; reference:url,www.securityfocus.com/bid/15681; classtype:web-application-attack; sid:2006716; rev:10; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_tech
Suricata
ET WEB_SPECIFIC_APPS DuWare DuNews SQL Injection Attempt -- detail.asp iNews SELECT
suricata·2010-07-30·CVSS 7.5
CVE-2006-6354 [HIGH] ET WEB_SPECIFIC_APPS DuWare DuNews SQL Injection Attempt -- detail.asp iNews SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS DuWare DuNews SQL Injection Attempt -- detail.asp iNews SELECT"; flow:established,to_server; http.uri; content:"/detail.asp?"; nocase; content:"iNews="; nocase; content:"SELECT"; nocase; content:"FROM"; nocase; distance:0; reference:cve,CVE-2006-6354; reference:url,www.securityfocus.com/bid/15681; classtype:web-application-attack; sid:2006712; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_techn
Suricata
ET WEB_SPECIFIC_APPS DuWare DuNews SQL Injection Attempt -- detail.asp iNews UNION SELECT
suricata·2010-07-30·CVSS 7.5
CVE-2006-6354 [HIGH] ET WEB_SPECIFIC_APPS DuWare DuNews SQL Injection Attempt -- detail.asp iNews UNION SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS DuWare DuNews SQL Injection Attempt -- detail.asp iNews UNION SELECT"; flow:established,to_server; http.uri; content:"/detail.asp?"; nocase; content:"iNews="; nocase; content:"UNION"; nocase; content:"SELECT"; nocase; distance:0; reference:cve,CVE-2006-6354; reference:url,www.securityfocus.com/bid/15681; classtype:web-application-attack; sid:2006713; rev:10; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001, mitre_tactic_name Initial_Acces
No public exploits indexed.
No writeups or analysis indexed.
2020-10-22: Published