Lucene search

Ubuntu.comUB:CVE-2020-26978

HistoryDec 15, 2020 - 12:00 a.m.

CVE-2020-26978

2020-12-1500:00:00

ubuntu.com

cve-2020-26978

slipstream vulnerability

firefox

thunderbird

firefox esr

network exposure

internal hosts

malicious webpage

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

42.3%

JSON

Using techniques that built on the slipstream research, a malicious webpage
could have exposed both an internal network’s hosts as well as services
running on the user’s local machine. This vulnerability affects Firefox <
84, Thunderbird < 78.6, and Firefox ESR < 78.6.

Notes

Author	Note
tyhicks	mozjs contains a copy of the SpiderMonkey JavaScript engine

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchfirefox< 84.0+build3-0ubuntu0.18.04.1UNKNOWN
ubuntu20.04noarchfirefox< 84.0+build3-0ubuntu0.20.04.1UNKNOWN
ubuntu20.10noarchfirefox< 84.0+build3-0ubuntu0.20.10.1UNKNOWN
ubuntu21.04noarchfirefox< 84.0+build3-0ubuntu2UNKNOWN
ubuntu21.10noarchfirefox< 84.0+build3-0ubuntu2UNKNOWN
ubuntu22.04noarchfirefox< 84.0+build3-0ubuntu2UNKNOWN
ubuntu22.10noarchfirefox< 84.0+build3-0ubuntu2UNKNOWN
ubuntu23.04noarchfirefox< 84.0+build3-0ubuntu2UNKNOWN
ubuntu23.10noarchfirefox< 84.0+build3-0ubuntu2UNKNOWN
ubuntu24.04noarchfirefox< 84.0+build3-0ubuntu2UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	firefox	< 84.0+build3-0ubuntu0.18.04.1	UNKNOWN
ubuntu	20.04	noarch	firefox	< 84.0+build3-0ubuntu0.20.04.1	UNKNOWN
ubuntu	20.10	noarch	firefox	< 84.0+build3-0ubuntu0.20.10.1	UNKNOWN
ubuntu	21.04	noarch	firefox	< 84.0+build3-0ubuntu2	UNKNOWN
ubuntu	21.10	noarch	firefox	< 84.0+build3-0ubuntu2	UNKNOWN
ubuntu	22.04	noarch	firefox	< 84.0+build3-0ubuntu2	UNKNOWN
ubuntu	22.10	noarch	firefox	< 84.0+build3-0ubuntu2	UNKNOWN
ubuntu	23.04	noarch	firefox	< 84.0+build3-0ubuntu2	UNKNOWN
ubuntu	23.10	noarch	firefox	< 84.0+build3-0ubuntu2	UNKNOWN
ubuntu	24.04	noarch	firefox	< 84.0+build3-0ubuntu2	UNKNOWN