Bug 1831945 (CVE-2020-12389)
Summary: | CVE-2020-12389 Mozilla: Sandbox escape with improperly separated process types | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Doran Moppert <dmoppert> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED WONTFIX | QA Contact: | |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | unspecified | CC: | jhorak, security-response-team, stransky |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | firefox 68.8 | Doc Type: | If docs needed, set a value |
Doc Text: |
The Mozilla Foundation Security Advisory describes this flaw as
The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox escape.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2020-05-06 04:31:49 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 1828970 |
Description
Doran Moppert
2020-05-06 01:27:52 UTC
Acknowledgments: Name: the Mozilla project Upstream: Niklas Baumstark Statement: This issue only affects Firefox on Windows operating systems. Firefox on Linux is not affected. This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-12389 |