Bug 1831944 (CVE-2020-12388)
Summary: | CVE-2020-12388 Mozilla: Sandbox escape with improperly guarded Access Tokens | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Doran Moppert <dmoppert> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED WONTFIX | QA Contact: | |
Severity: | urgent | Docs Contact: | |
Priority: | urgent | ||
Version: | unspecified | CC: | jhorak, security-response-team, stransky |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | firefox 68.8 | Doc Type: | If docs needed, set a value |
Doc Text: |
The Mozilla Foundation Security Advisory describes this flaw as:
The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox escape.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2020-05-06 04:31:47 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 1828970 |
Description
Doran Moppert
2020-05-06 01:27:44 UTC
Acknowledgments: Name: the Mozilla project Upstream: James Forshaw (Google Project Zero) Statement: This issue only affects Firefox on Windows operating systems. Firefox on Linux is not affected. This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-12388 |