CVE-2020-12388: Input Validation

Reference Links

• https://bugzilla.mozilla.org/show_bug.cgi?id=1618911
• https://www.mozilla.org/en-US/security/advisories/mfsa2020-17/
• https://www.mozilla.org/en-US/security/advisories/mfsa2020-16/
• https://www.mozilla.org/en-US/security/advisories/mfsa2020-17/#CVE-2020-12387
• http://packetstormsecurity.com/files/157860/Firefox-Default-Content-Process-DACL-Sandbox-Escape.html
• https://www.mozilla.org/security/advisories/mfsa2020-16/
• https://www.mozilla.org/security/advisories/mfsa2020-17/

Parent vulnerabilities

(Appears in the following advisories)

• MFSA2020-16
• MFSA2020-17

Peer vulnerabilities

(Found alongside the following vulnerabilities)

• CVE-2020-12387
• CVE-2020-12388
• CVE-2020-12389
• CVE-2020-6831
• CVE-2020-12390
• CVE-2020-12391
• CVE-2020-12392
• CVE-2020-12393
• CVE-2020-12394
• CVE-2020-12395
• CVE-2020-12396

Frequently Asked Questions

• What is the severity of CVE-2020-12388?

  CVE-2020-12388 is rated as a high severity vulnerability due to its potential for sandbox escape.

• How do I fix CVE-2020-12388?

  To fix CVE-2020-12388, update your Firefox or Firefox ESR to versions 76 or 68.8 respectively.

• Who is affected by CVE-2020-12388?

  CVE-2020-12388 affects users of Firefox and Firefox ESR running on Windows operating systems.

• What type of vulnerability is CVE-2020-12388?

  CVE-2020-12388 is a sandbox escape vulnerability that allows for insufficient access control.

• When was CVE-2020-12388 disclosed?

  CVE-2020-12388 was disclosed by Mozilla as part of their security advisory in 2020.