A new information disclosure vulnerability, CVE-2020-12418, was just discovered in Mozilla Firefox. Discovered by Cisco Talos, the vulnerability can be exploited by tricking the user into visiting a specially crafted web page via the browser.
If the exploit succeeds, the threat actor could use the leaked memory to bypass ASLR (Address Space Layout Randomization). Combined with other bugs, the flaw could give the attacker the ability to execute arbitrary code, the researchers warn.
“In accordance with our coordinated disclosure policy, Cisco Talos worked with Mozilla to ensure that these issues are resolved and that an update is available for affected customers,” the blog post says.
Mozilla Firefox Information Disclosure Vulnerability: CVE-2020-12418
The official definition of the vulnerability is “Mozilla Firefox URL mPath information disclosure vulnerability (TALOS-2020-1088/CVE-2020-12418)”.
According to Cisco Talos:
An information disclosure vulnerability exists in the URL mPath functionality of Mozilla Firefox Firefox Nightly Version 78.0a1 x64 and Firefox Release Version 76.0.2 x64. A specially crafted URL object can cause an out-of-bounds read. An attacker can visit a webpage to trigger this vulnerability.
The issue has been tested on Firefox Nightly Version 78.0a1 x64 and Firefox Release Version 76.0.2 x64. Both versions of the browser are affected.
In more technical terms, the vulnerability is related to the URL object. “A malicious web page using a proper URL object state can leak the browser memory that consequently can help an attacker in bypassing ASLR and executing arbitrary code,” the researchers explain.
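To illustrate the bug class the advisory describes (an out-of-bounds read while handling a URL path component), here is an added example in C. It is not Mozilla's code and does not reproduce the actual Firefox defect, whose details the advisory does not give; the function names, the buffer layout and the sample inputs are all hypothetical. It contrasts a path scanner that trusts a terminator which may be absent with one that is bounded by the buffer length and reports malformed input instead of reading past the end.

```c
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical illustration, not Mozilla's code: the path component of a
 * URL suffix ("/a/b?x=1" -> "/a/b") is extracted from a buffer that may
 * NOT be NUL-terminated. The unchecked variant trusts a terminator that
 * may be missing and walks past the end of the buffer (an out-of-bounds
 * read, the bug class the advisory describes). The checked variant takes
 * the buffer length and refuses to read beyond it. */

/* Unchecked: length of the path up to '?', '#' or NUL. Reads past the
 * buffer if none of those bytes is inside it; adjacent memory contents
 * then influence the result, which is how such reads leak memory. */
size_t path_len_unchecked(const char *url)
{
    size_t i = 0;
    while (url[i] != '\0' && url[i] != '?' && url[i] != '#')
        i++;
    return i;
}

/* Checked: the same scan, bounded by buf_len. Returns -1 when no path
 * terminator lies inside the buffer instead of reading beyond it. */
long path_len_checked(const char *buf, size_t buf_len)
{
    size_t i;
    for (i = 0; i < buf_len; i++) {
        if (buf[i] == '\0' || buf[i] == '?' || buf[i] == '#')
            return (long)i;
    }
    return -1; /* unterminated: caller must treat the input as malformed */
}

/* Copy the path into out (NUL-terminated), or return -1 on malformed or
 * oversized input without touching out. */
long copy_path_checked(const char *buf, size_t buf_len, char *out, size_t out_len)
{
    long n = path_len_checked(buf, buf_len);
    if (n < 0 || (size_t)n >= out_len)
        return -1;
    memcpy(out, buf, (size_t)n);
    out[n] = '\0';
    return n;
}

int main(void)
{
    /* Constructed samples: a well-formed URL suffix, and a truncated one
     * copied into a fixed buffer that contains no terminator at all. */
    const char good[] = "/search/path?q=1";
    char truncated[6];
    char out[32];
    memcpy(truncated, "/abcdef", sizeof truncated); /* no '\0' inside */

    printf("good: unchecked=%zu checked=%ld\n",
           path_len_unchecked(good), path_len_checked(good, sizeof good));
    /* Only the checked variant is safe to call on the truncated buffer;
     * the unchecked one would read past it. */
    printf("truncated: checked=%ld\n",
           path_len_checked(truncated, sizeof truncated));
    printf("copy: %ld -> %s\n",
           copy_path_checked(good, sizeof good, out, sizeof out), out);
    return 0;
}
```

The design point is that the bounded scanner makes "no terminator inside the buffer" an explicit error return rather than undefined behaviour, which is the property a reviewer would look for in any parser that walks untrusted, caller-supplied bytes.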
Last month, Mozilla released security updates addressing eight vulnerabilities, five of which were rated high-risk. Three of the five high-risk flaws could allow arbitrary code execution; in the context of a web browser, this means that loading a malicious page could easily lead to a malware infection on the system. Fortunately, these bugs were discovered by Mozilla’s own developers.