CVE-2020-15667 - OpenCVE

When processing a MAR update file, after the signature has been validated, an invalid name length could result in a heap overflow, leading to memory corruption and potentially arbitrary code execution. Within Firefox as released by Mozilla, this issue is only exploitable with the Mozilla-controlled signing key. This vulnerability affects Firefox < 80.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Mozilla	Firefox

Configuration 1 [-]

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*

References

Link	Resource
https://bugzilla.mozilla.org/show_bug.cgi?id=1653371	Issue Tracking Permissions Required Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2020-36/	Release Notes Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mozilla

Published: 2020-10-01T18:42:42

Updated: 2020-10-01T18:42:42

Reserved: 2020-07-10T00:00:00

Link: CVE-2020-15667

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-10-01T19:15:13.267

Modified: 2021-07-21T11:39:23.747

Link: CVE-2020-15667

JSON object: View

Redhat Information

No data.

CWE

CWE-787

{"containers": {"cna": {"affected": [{"product": "Firefox", "vendor": "Mozilla", "versions": [{"lessThan": "80", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "When processing a MAR update file, after the signature has been validated, an invalid name length could result in a heap overflow, leading to memory corruption and potentially arbitrary code execution. Within Firefox as released by Mozilla, this issue is only exploitable with the Mozilla-controlled signing key. This vulnerability affects Firefox < 80."}], "problemTypes": [{"descriptions": [{"description": "Heap overflow when processing an update file", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-10-01T18:42:42", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.mozilla.org/security/advisories/mfsa2020-36/"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1653371"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@mozilla.org", "ID": "CVE-2020-15667", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Firefox", "version": {"version_data": [{"version_affected": "<", "version_value": "80"}]}}]}, "vendor_name": "Mozilla"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "When processing a MAR update file, after the signature has been validated, an invalid name length could result in a heap overflow, leading to memory corruption and potentially arbitrary code execution. Within Firefox as released by Mozilla, this issue is only exploitable with the Mozilla-controlled signing key. This vulnerability affects Firefox < 80."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Heap overflow when processing an update file"}]}]}, "references": {"reference_data": [{"name": "https://www.mozilla.org/security/advisories/mfsa2020-36/", "refsource": "MISC", "url": "https://www.mozilla.org/security/advisories/mfsa2020-36/"}, {"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1653371", "refsource": "MISC", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1653371"}]}}}}, "cveMetadata": {"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2020-15667", "datePublished": "2020-10-01T18:42:42", "dateReserved": "2020-07-10T00:00:00", "dateUpdated": "2020-10-01T18:42:42", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "334D3118-529D-4AAB-82A4-1EC3AA047D3D", "versionEndExcluding": "80.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "When processing a MAR update file, after the signature has been validated, an invalid name length could result in a heap overflow, leading to memory corruption and potentially arbitrary code execution. Within Firefox as released by Mozilla, this issue is only exploitable with the Mozilla-controlled signing key. This vulnerability affects Firefox < 80."}, {"lang": "es", "value": "Cuando se procesa un archivo de actualizaci\u00f3n MAR, despu\u00e9s de que haya sido comprobada la firma, una longitud de nombre no v\u00e1lida podr\u00eda resultar en un desbordamiento de la pila, conllevando a una corrupci\u00f3n de la memoria y una ejecuci\u00f3n de c\u00f3digo potencialmente arbitraria. En Firefox, tal como es lanzado por Mozilla, este problema solo es explotable con la clave de firma controlada por Mozilla. Esta vulnerabilidad afecta a Firefox versiones anteriores a 80"}], "id": "CVE-2020-15667", "lastModified": "2021-07-21T11:39:23.747", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-10-01T19:15:13.267", "references": [{"source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required", "Vendor Advisory"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1653371"}, {"source": "security@mozilla.org", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2020-36/"}], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}