{"vulnerability": "CVE-2020-1239", "sightings": [{"uuid": "f718aea5-cf65-4d5c-988c-298e224edb7d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-12397", "type": "seen", "source": "https://t.me/cibsecurity/12305", "content": "ATENTION\u203c New - CVE-2020-12397 (thunderbird)\n\nBy encoding Unicode whitespace characters within the From email header, an attacker can spoof the sender email address that Thunderbird displays. This vulnerability affects Thunderbird < 68.8.0.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-05-27T07:55:40.000000Z"}, {"uuid": "0be1c311-afb3-47e5-8831-cda57049b71c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-12396", "type": "seen", "source": "https://t.me/cibsecurity/12306", "content": "ATENTION\u203c New - CVE-2020-12396\n\nMozilla developers and community members reported memory safety bugs present in Firefox 75. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 76.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-05-27T07:55:41.000000Z"}, {"uuid": "1be49345-f3ed-4759-96b1-b57d2efd1763", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-12395", "type": "seen", "source": "https://t.me/cibsecurity/12307", "content": "ATENTION\u203c New - CVE-2020-12395\n\nMozilla developers and community members reported memory safety bugs present in Firefox 75 and Firefox ESR 68.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-05-27T07:55:42.000000Z"}, {"uuid": "2d41ebd4-2f1a-48b1-8c6d-311e9596316a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-12394", "type": "seen", "source": "https://t.me/cibsecurity/12308", "content": "ATENTION\u203c New - CVE-2020-12394\n\nA logic flaw in our location bar implementation could have allowed a local attacker to spoof the current location by selecting a different origin and removing focus from the input element. This vulnerability affects Firefox < 76.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-05-27T07:55:43.000000Z"}, {"uuid": "2196d96e-de5c-4bb5-a6d8-9bf651d33fa5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-12393", "type": "seen", "source": "https://t.me/cibsecurity/12309", "content": "ATENTION\u203c New - CVE-2020-12393\n\nThe 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used the 'Copy as cURL' feature and pasted the command into a terminal, it could have resulted in command injection and arbitrary command execution. *Note: this issue only affects Firefox on Windows operating systems.*. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-05-27T07:55:43.000000Z"}, {"uuid": "9f7b5961-85cc-4b89-847b-55437aaea3a2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-12392", "type": "seen", "source": "https://t.me/cibsecurity/12310", "content": "ATENTION\u203c New - CVE-2020-12392\n\nThe 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP POST data of a request, which can be controlled by the website. If a user used the 'Copy as cURL' feature and pasted the command into a terminal, it could have resulted in the disclosure of local files. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-05-27T07:55:44.000000Z"}, {"uuid": "6d8e3f18-d716-4920-99db-8a0fedf516ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-12391", "type": "seen", "source": "https://t.me/cibsecurity/12311", "content": "ATENTION\u203c New - CVE-2020-12391\n\nDocuments formed using data: URLs in an OBJECT element failed to inherit the CSP of the creating context. This allowed the execution of scripts that should have been blocked, albeit with a unique opaque origin. This vulnerability affects Firefox < 76.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-05-27T07:55:45.000000Z"}, {"uuid": "02d37d4d-c6d0-4274-bd62-d50b22dd5526", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-12390", "type": "seen", "source": "https://t.me/cibsecurity/12312", "content": "ATENTION\u203c New - CVE-2020-12390\n\nIncorrect origin serialization of URLs with IPv6 addresses could lead to incorrect security checks. This vulnerability affects Firefox < 76.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-05-27T07:55:46.000000Z"}, {"uuid": "6ea02dfa-d5aa-4aee-9f23-e32f23734a51", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-12399", "type": "seen", "source": "https://t.me/cibsecurity/13355", "content": "ATENTION\u203c New - CVE-2020-12399\n\nNSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-07-09T18:55:12.000000Z"}, {"uuid": "2d6bdac6-b186-4635-97af-a645f66dc496", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-12398", "type": "seen", "source": "https://t.me/cibsecurity/13356", "content": "ATENTION\u203c New - CVE-2020-12398\n\nIf Thunderbird is configured to use STARTTLS for an IMAP server, and the server sends a PREAUTH response, then Thunderbird will continue with an unencrypted connection, causing email data to be sent without protection. This vulnerability affects Thunderbird < 68.9.0.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-07-09T18:55:13.000000Z"}]}