Arch Linux update for firefox

Published: 2020-11-17


Risk: Critical
Patch available: YES
Number of vulnerabilities: 16
CVE ID: CVE-2020-15999, CVE-2020-16012, CVE-2020-26951, CVE-2020-26952, CVE-2020-26953, CVE-2020-26956, CVE-2020-26958, CVE-2020-26959, CVE-2020-26960, CVE-2020-26961, CVE-2020-26962, CVE-2020-26963, CVE-2020-26965, CVE-2020-26967, CVE-2020-26968, CVE-2020-26969
CWE ID: CWE-122, CWE-346, CWE-20, CWE-119, CWE-79, CWE-264, CWE-416, CWE-358, CWE-435, CWE-399, CWE-200
Exploitation vector: Network
Public exploit: Vulnerability #1 is being exploited in the wild.
Vulnerable software: Arch Linux (Operating systems & Components / Operating system)
Vendor: Arch Linux

Security Advisory



1) Heap-based buffer overflow


Risk: Critical


CVSSv3: 8.4 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C] [PCI]


CVE-ID: CVE-2020-15999


CWE-ID: CWE-122 - Heap-based Buffer Overflow


Exploit availability: Yes


Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.


The vulnerability exists due to a boundary error in the freetype library when processing TTF files. A remote attacker can pass a specially crafted TTF file with ..
