admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2020-10-01 19:01:51 +00:00
parent f00c663170
commit f2410b0ff5
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
22 changed files with 1303 additions and 51 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

66
2020/15xxx/CVE-2020-15533.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-15533",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-15533",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In Zoho ManageEngine Application Manager 14.7 Build 14730 (before 14684, and between 14689 and 14750), the AlarmEscalation module is vulnerable to unauthenticated SQL Injection attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.manageengine.com",
"refsource": "MISC",
"name": "https://www.manageengine.com"
},
{
"refsource": "CONFIRM",
"name": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2020-15533.html",
"url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2020-15533.html"
},
{
"refsource": "CONFIRM",
"name": "https://www.manageengine.com/products/applications_manager/issues.html#v14750",
"url": "https://www.manageengine.com/products/applications_manager/issues.html#v14750"
}
]
}

106
2020/15xxx/CVE-2020-15663.json
View File

@ -4,14 +4,114 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-15663",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mozilla.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mozilla",
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_value": "80",
"version_affected": "<"
}
]
}
},
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_value": "78.2",
"version_affected": "<"
},
{
"version_value": "68.12",
"version_affected": "<"
}
]
}
},
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_value": "68.12",
"version_affected": "<"
},
{
"version_value": "78.2",
"version_affected": "<"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Downgrade attack on the Mozilla Maintenance Service could have resulted in escalation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.mozilla.org/security/advisories/mfsa2020-41/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2020-41/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2020-36/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2020-36/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2020-38/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2020-38/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2020-40/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2020-40/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2020-37/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2020-37/"
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1643199",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1643199"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "If Firefox is installed to a user-writable directory, the Mozilla Maintenance Service would execute updater.exe from the install location with system privileges. Although the Mozilla Maintenance Service does ensure that updater.exe is signed by Mozilla, the version could have been rolled back to a previous version which would have allowed exploitation of an older bug and arbitrary code execution with System Privileges. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects Firefox < 80, Thunderbird < 78.2, Thunderbird < 68.12, Firefox ESR < 68.12, and Firefox ESR < 78.2."
}
]
}

122
2020/15xxx/CVE-2020-15664.json
View File

@ -4,14 +4,130 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-15664",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mozilla.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mozilla",
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_value": "80",
"version_affected": "<"
}
]
}
},
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_value": "78.2",
"version_affected": "<"
},
{
"version_value": "68.12",
"version_affected": "<"
}
]
}
},
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_value": "68.12",
"version_affected": "<"
},
{
"version_value": "78.2",
"version_affected": "<"
}
]
}
},
{
"product_name": "Firefox for Android",
"version": {
"version_data": [
{
"version_value": "80",
"version_affected": "<"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Attacker-induced prompt for extension installation"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.mozilla.org/security/advisories/mfsa2020-39/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2020-39/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2020-41/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2020-41/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2020-36/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2020-36/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2020-38/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2020-38/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2020-40/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2020-40/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2020-37/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2020-37/"
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1658214",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1658214"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "By holding a reference to the eval() function from an about:blank window, a malicious webpage could have gained access to the InstallTrigger object which would allow them to prompt the user to install an extension. Combined with user confusion, this could result in an unintended or malicious extension being installed. This vulnerability affects Firefox < 80, Thunderbird < 78.2, Thunderbird < 68.12, Firefox ESR < 68.12, Firefox ESR < 78.2, and Firefox for Android < 80."
}
]
}

56
2020/15xxx/CVE-2020-15665.json
View File

@ -4,14 +4,64 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-15665",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mozilla.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mozilla",
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_value": "80",
"version_affected": "<"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Address bar not reset when choosing to stay on a page after the beforeunload dialog is shown"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.mozilla.org/security/advisories/mfsa2020-36/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2020-36/"
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1651636",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1651636"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Firefox did not reset the address bar after the beforeunload dialog was shown if the user chose to remain on the page. This could have resulted in an incorrect URL being shown when used in conjunction with other unexpected browser behaviors. This vulnerability affects Firefox < 80."
}
]
}

72
2020/15xxx/CVE-2020-15666.json
View File

@ -4,14 +4,80 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-15666",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mozilla.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mozilla",
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_value": "80",
"version_affected": "<"
}
]
}
},
{
"product_name": "Firefox for Android",
"version": {
"version_data": [
{
"version_value": "80",
"version_affected": "<"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "MediaError message property leaks cross-origin response status"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.mozilla.org/security/advisories/mfsa2020-39/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2020-39/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2020-36/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2020-36/"
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1450853",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1450853"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "When trying to load a non-video in an audio/video context the exact status code (200, 302, 404, 500, 412, 403, etc.) was disclosed via the MediaError Message. This level of information leakage is inconsistent with the standardized onerror/onsuccess disclosure and can lead to inferring login status to services or device discovery on a local network among other attacks. This vulnerability affects Firefox < 80 and Firefox for Android < 80."
}
]
}

56
2020/15xxx/CVE-2020-15667.json
View File

@ -4,14 +4,64 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-15667",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mozilla.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mozilla",
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_value": "80",
"version_affected": "<"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Heap overflow when processing an update file"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.mozilla.org/security/advisories/mfsa2020-36/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2020-36/"
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1653371",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1653371"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "When processing a MAR update file, after the signature has been validated, an invalid name length could result in a heap overflow, leading to memory corruption and potentially arbitrary code execution. Within Firefox as released by Mozilla, this issue is only exploitable with the Mozilla-controlled signing key. This vulnerability affects Firefox < 80."
}
]
}

72
2020/15xxx/CVE-2020-15668.json
View File

@ -4,14 +4,80 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-15668",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mozilla.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mozilla",
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_value": "80",
"version_affected": "<"
}
]
}
},
{
"product_name": "Firefox for Android",
"version": {
"version_data": [
{
"version_value": "80",
"version_affected": "<"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Data Race when reading certificate information"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.mozilla.org/security/advisories/mfsa2020-39/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2020-39/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2020-36/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2020-36/"
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1651520",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1651520"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A lock was missing when accessing a data structure and importing certificate information into the trust database. This vulnerability affects Firefox < 80 and Firefox for Android < 80."
}
]
}

72
2020/15xxx/CVE-2020-15669.json
View File

@ -4,14 +4,80 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-15669",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mozilla.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mozilla",
"product": {
"product_data": [
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_value": "68.12",
"version_affected": "<"
}
]
}
},
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_value": "68.12",
"version_affected": "<"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use-After-Free when aborting an operation"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.mozilla.org/security/advisories/mfsa2020-40/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2020-40/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2020-37/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2020-37/"
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1656957",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1656957"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "When aborting an operation, such as a fetch, an abort signal may be deleted while alerting the objects to be notified. This results in a use-after-free and we presume that with enough effort it could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.12 and Thunderbird < 68.12."
}
]
}

104
2020/15xxx/CVE-2020-15670.json
View File

@ -4,14 +4,112 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-15670",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mozilla.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mozilla",
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_value": "80",
"version_affected": "<"
}
]
}
},
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_value": "78.2",
"version_affected": "<"
}
]
}
},
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_value": "78.2",
"version_affected": "<"
}
]
}
},
{
"product_name": "Firefox for Android",
"version": {
"version_data": [
{
"version_value": "80",
"version_affected": "<"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Memory safety bugs fixed in Firefox for Android 80"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.mozilla.org/security/advisories/mfsa2020-39/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2020-39/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2020-41/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2020-41/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2020-36/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2020-36/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2020-38/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2020-38/"
},
{
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1651001%2C1653626%2C1656957",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1651001%2C1653626%2C1656957"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Mozilla developers reported memory safety bugs present in Firefox for Android 79. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 80, Firefox ESR < 78.2, Thunderbird < 78.2, and Firefox for Android < 80."
}
]
}

56
2020/15xxx/CVE-2020-15671.json
View File

@ -4,14 +4,64 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-15671",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mozilla.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mozilla",
"product": {
"product_data": [
{
"product_name": "Firefox for Android",
"version": {
"version_data": [
{
"version_value": "80",
"version_affected": "<"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Passwords could be saved to phone keyboard dictionary"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.mozilla.org/security/advisories/mfsa2020-39/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2020-39/"
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1653862",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1653862"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "When typing in a password under certain conditions, a race may have occured where the InputContext was not being correctly set for the input field, resulting in the typed password being saved to the keyboard dictionary. This vulnerability affects Firefox for Android < 80."
}
]
}

88
2020/15xxx/CVE-2020-15673.json
View File

@ -4,14 +4,96 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-15673",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mozilla.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mozilla",
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_value": "81",
"version_affected": "<"
}
]
}
},
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_value": "78.3",
"version_affected": "<"
}
]
}
},
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_value": "78.3",
"version_affected": "<"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Memory safety bugs fixed in Firefox 81 and Firefox ESR 78.3"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.mozilla.org/security/advisories/mfsa2020-43/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2020-43/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2020-44/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2020-44/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2020-42/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2020-42/"
},
{
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1648493%2C1660800",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1648493%2C1660800"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Mozilla developers reported memory safety bugs present in Firefox 80 and Firefox ESR 78.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firefox ESR < 78.3."
}
]
}

56
2020/15xxx/CVE-2020-15674.json
View File

@ -4,14 +4,64 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-15674",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mozilla.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mozilla",
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_value": "81",
"version_affected": "<"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Memory safety bugs fixed in Firefox 81"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.mozilla.org/security/advisories/mfsa2020-42/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2020-42/"
},
{
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1656063%2C1656064%2C1656067%2C1660293",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1656063%2C1656064%2C1656067%2C1660293"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Mozilla developers reported memory safety bugs present in Firefox 80. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 81."
}
]
}

56
2020/15xxx/CVE-2020-15675.json
View File

@ -4,14 +4,64 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-15675",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mozilla.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mozilla",
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_value": "81",
"version_affected": "<"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use-After-Free in WebGL"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.mozilla.org/security/advisories/mfsa2020-42/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2020-42/"
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1654211",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1654211"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "When processing surfaces, the lifetime may outlive a persistent buffer leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 81."
}
]
}

88
2020/15xxx/CVE-2020-15676.json
View File

@ -4,14 +4,96 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-15676",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mozilla.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mozilla",
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_value": "81",
"version_affected": "<"
}
]
}
},
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_value": "78.3",
"version_affected": "<"
}
]
}
},
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_value": "78.3",
"version_affected": "<"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XSS when pasting attacker-controlled data into a contenteditable element"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.mozilla.org/security/advisories/mfsa2020-43/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2020-43/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2020-44/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2020-44/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2020-42/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2020-42/"
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1646140",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1646140"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditable element. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firefox ESR < 78.3."
}
]
}

88
2020/15xxx/CVE-2020-15677.json
View File

@ -4,14 +4,96 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-15677",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mozilla.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mozilla",
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_value": "81",
"version_affected": "<"
}
]
}
},
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_value": "78.3",
"version_affected": "<"
}
]
}
},
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_value": "78.3",
"version_affected": "<"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Download origin spoofing via redirect"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.mozilla.org/security/advisories/mfsa2020-43/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2020-43/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2020-44/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2020-44/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2020-42/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2020-42/"
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1641487",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1641487"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "By exploiting an Open Redirect vulnerability on a website, an attacker could have spoofed the site displayed in the download file dialog to show the original site (the one suffering from the open redirect) rather than the site the file was actually downloaded from. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firefox ESR < 78.3."
}
]
}

88
2020/15xxx/CVE-2020-15678.json
View File

@ -4,14 +4,96 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-15678",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mozilla.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mozilla",
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_value": "81",
"version_affected": "<"
}
]
}
},
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_value": "78.3",
"version_affected": "<"
}
]
}
},
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_value": "78.3",
"version_affected": "<"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "When recursing through layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free scenario"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.mozilla.org/security/advisories/mfsa2020-43/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2020-43/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2020-44/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2020-44/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2020-42/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2020-42/"
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1660211",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1660211"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "When recursing through graphical layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free. This occurs because the function APZCTreeManager::ComputeClippedCompositionBounds did not follow iterator invalidation rules. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firefox ESR < 78.3."
}
]
}

18
2020/26xxx/CVE-2020-26505.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-26505",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2020/26xxx/CVE-2020-26506.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-26506",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2020/26xxx/CVE-2020-26507.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-26507",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2020/26xxx/CVE-2020-26508.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-26508",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2020/26xxx/CVE-2020-26509.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-26509",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2020/26xxx/CVE-2020-26510.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-26510",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}