Wednesday, June 10, 2020

Vulnerability Spotlight: Remote code execution vulnerability in Firefox’s SharedWorkerService function

Marcin “Icewall” Noga of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw.

The Mozilla Firefox web browser contains a vulnerability in its SharedWorkerService function that could allow an attacker to gain the ability to remotely execute code on a target’s machine. This
vulnerability can be triggered if the user visits a malicious web page. The attacker can design this page in a way that it would cause a race condition, eventually leading to a use-after-free vulnerability and remote code execution.

In accordance with our coordinated disclosure policy, Cisco Talos worked with Mozilla to ensure that these issues are resolved and that an update is available for affected customers.

Vulnerability details

Mozilla Firefox SharedWorkerService code execution vulnerability (TALOS-2020-1053/CVE-2020-12405)

An exploitable code execution vulnerability exists in the SharedWorkerService functionality of Mozilla Firefox, version 76.0a1 (2020-04-01) x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in remote code execution. The victim needs to visit a malicious web site to trigger the vulnerability.

Read the complete vulnerability advisory here for additional information.

Versions tested

Talos tested and confirmed that this vulnerability affects Mozilla Firefox, version 76.0a1 (2020-04-01), x64.

Coverage

The following SNORTⓇ rules will detect exploitation attempts. Note that additional rules may be released at a future date and current rules are subject to change pending additional vulnerability information. For the most current rule information, please refer to your Firepower Management Center or Snort.org.

Snort Rules: 53759, 53760

No comments:

Post a Comment