CVE-2020-26961Improperly Implemented Security Check for Standard in Mozilla Firefox

CWE-358Improperly Implemented Security Check for Standard12 documents8 sources
Severity
6.5MEDIUMNVD
EPSS
0.3%
top 48.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Mozilla FirefoxMozilla Firefox ESRMozilla Thunderbird
Timeline
PublishedDec 9
Latest updateMay 24

Description

When DNS over HTTPS is in use, it intentionally filters RFC1918 and related IP ranges from the responses as these do not make sense coming from a DoH resolver. However when an IPv4 address was mapped through IPv6, these addresses were erroneously let through, leading to a potential DNS Rebinding attack. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages7 packages

CVEListV5mozilla/firefox< 83
NVDmozilla/firefox< 83.0
CVEListV5mozilla/firefox_esr< 78.5
CVEListV5mozilla/thunderbird< 78.5

🔴Vulnerability Details

3
GHSA
GHSA-4fh9-jvf5-584j: When DNS over HTTPS is in use, it intentionally filters RFC1918 and related IP ranges from the responses as these do not make sense coming from a DoH2022-05-24
CVEList
CVE-2020-26961: When DNS over HTTPS is in use, it intentionally filters RFC1918 and related IP ranges from the responses as these do not make sense coming from a DoH2020-12-09
OSV
CVE-2020-26961: When DNS over HTTPS is in use, it intentionally filters RFC1918 and related IP ranges from the responses as these do not make sense coming from a DoH2020-12-09

📋Vendor Advisories

8
Ubuntu
Thunderbird vulnerabilities2020-11-25
Ubuntu
Firefox vulnerabilities2020-11-19
Ubuntu
Firefox vulnerabilities2020-11-18
Red Hat
Mozilla: DoH did not filter IPv4 mapped IP Addresses2020-11-17
Debian
CVE-2020-26961: firefox - When DNS over HTTPS is in use, it intentionally filters RFC1918 and related IP r...2020
CVE-2020-26961 — Mozilla Firefox vulnerability | cvebase