{"vulnerability": "CVE-2020-1240", "sightings": [{"uuid": "9fce8c4f-4c41-497d-96d3-9a82f0b278b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-12408", "type": "seen", "source": "https://t.me/cibsecurity/13349", "content": "ATTENTION\u203c New - CVE-2020-12408\n\nWhen browsing a document hosted on an IP address, an attacker could insert certain characters to flip domain and path information in the address bar. This vulnerability affects Firefox < 77.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-07-09T18:55:04.000000Z"}, {"uuid": "ed06c7f8-7c3a-4c68-9fbd-c44946502b26", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-12405", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/1257", "content": "#exploit\n1. CVE-2020-12405:\nRCE in Firefox\u2019s (76.0a1 (2020-04-01) x64) SharedWorkerService function\nhttps://talosintelligence.com/vulnerability_reports/TALOS-2020-1053\n\n2. CVE-2020-8103:\nBitDefender Antivirus 2020 <1.0.17 - EoP\nhttps://github.com/RedyOpsResearchLabs/-CVE-2020-8103-Bitdefender-Antivirus-Free-EoP", "creation_timestamp": "2024-10-28T15:43:31.000000Z"}, {"uuid": "2c89566f-789c-4bb2-9cbd-cb5b95e2f99c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-12402", "type": "seen", "source": "https://t.me/cibsecurity/13354", "content": "ATTENTION\u203c New - CVE-2020-12402\n\nDuring RSA key generation, bignum implementations used a variation of the Binary Extended Euclidean Algorithm which entailed significantly input-dependent flow. This allowed an attacker able to perform electromagnetic-based side channel attacks to record traces leading to the recovery of the secret primes. 
*Note:* An unmodified Firefox browser does not generate RSA keys in normal operation and is not affected, but products built on top of it might. This vulnerability affects Firefox < 78.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-07-09T18:55:12.000000Z"}, {"uuid": "10f79f72-12fc-4d34-9752-dbef34f55123", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-12407", "type": "seen", "source": "https://t.me/cibsecurity/13350", "content": "ATTENTION\u203c New - CVE-2020-12407\n\nMozilla Developer Nicolas Silva found that when using WebRender, Firefox would under certain conditions leak arbitrary GPU memory to the visible screen. The leaked memory content was visible to the user, but not observable from web content. This vulnerability affects Firefox < 77.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-07-09T18:55:05.000000Z"}, {"uuid": "da40e3ea-95fe-42ac-8a49-e6061f2034f5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-12406", "type": "seen", "source": "https://t.me/cibsecurity/13351", "content": "ATTENTION\u203c New - CVE-2020-12406\n\nMozilla Developer Iain Ireland discovered a missing type check during unboxed objects removal, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code. 
This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-07-09T18:55:05.000000Z"}, {"uuid": "f3362dad-4a0a-4b45-8da9-76f690c2dcb4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-12405", "type": "seen", "source": "https://t.me/cibsecurity/13352", "content": "ATTENTION\u203c New - CVE-2020-12405\n\nWhen browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-07-09T18:55:06.000000Z"}, {"uuid": "388c3eab-3f41-4640-a520-d6adc44fa6b7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-12404", "type": "seen", "source": "https://t.me/cibsecurity/13353", "content": "ATTENTION\u203c New - CVE-2020-12404\n\nFor native-to-JS bridging the app requires a unique token to be passed that ensures non-app code can't call the bridging functions. That token could leak when used for downloading files. 
This vulnerability affects Firefox for iOS < 26.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-07-09T18:55:07.000000Z"}, {"uuid": "463e21fa-6ef2-4e2d-8368-4f9d999a6a96", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-12405", "type": "seen", "source": "https://t.me/SecLabNews/7816", "content": "Specialists from the Cisco Talos team reported a critical vulnerability (CVE-2020-12405) in the Mozilla Firefox browser, exploitation of which allows an attacker to execute code remotely. The vulnerability was discovered by researcher Marcin Noga.\nRCE vulnerability discovered in the Mozilla Firefox browser", "creation_timestamp": "2020-06-16T00:23:50.000000Z"}]}