Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2020-26961

Опубликовано: 17 нояб. 2020
Источник: redhat
CVSS3: 6.1
EPSS Низкий

Описание

When DNS over HTTPS is in use, it intentionally filters RFC1918 and related IP ranges from the responses as these do not make sense coming from a DoH resolver. However when an IPv4 address was mapped through IPv6, these addresses were erroneously let through, leading to a potential DNS Rebinding attack. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5firefoxOut of support scope
Red Hat Enterprise Linux 6thunderbirdFixedRHSA-2020:523830.11.2020
Red Hat Enterprise Linux 6firefoxFixedRHSA-2020:525730.11.2020
Red Hat Enterprise Linux 7thunderbirdFixedRHSA-2020:523530.11.2020
Red Hat Enterprise Linux 7firefoxFixedRHSA-2020:523930.11.2020
Red Hat Enterprise Linux 8thunderbirdFixedRHSA-2020:523630.11.2020
Red Hat Enterprise Linux 8firefoxFixedRHSA-2020:523730.11.2020
Red Hat Enterprise Linux 8.0 Update Services for SAP SolutionsthunderbirdFixedRHSA-2020:524030.11.2020
Red Hat Enterprise Linux 8.0 Update Services for SAP SolutionsfirefoxFixedRHSA-2020:531401.12.2020
Red Hat Enterprise Linux 8.1 Extended Update SupportthunderbirdFixedRHSA-2020:523130.11.2020

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-358
https://bugzilla.redhat.com/show_bug.cgi?id=1898738Mozilla: DoH did not filter IPv4 mapped IP Addresses

EPSS

Процентиль: 51%
0.00275
Низкий

6.1 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2020-26961

CVSS3: 6.5
ubuntu
около 5 лет назад

When DNS over HTTPS is in use, it intentionally filters RFC1918 and related IP ranges from the responses as these do not make sense coming from a DoH resolver. However when an IPv4 address was mapped through IPv6, these addresses were erroneously let through, leading to a potential DNS Rebinding attack. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.

nvd логотип

CVE-2020-26961

CVSS3: 6.5
nvd
около 5 лет назад

When DNS over HTTPS is in use, it intentionally filters RFC1918 and related IP ranges from the responses as these do not make sense coming from a DoH resolver. However when an IPv4 address was mapped through IPv6, these addresses were erroneously let through, leading to a potential DNS Rebinding attack. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.

debian логотип

CVE-2020-26961

CVSS3: 6.5
debian
около 5 лет назад

When DNS over HTTPS is in use, it intentionally filters RFC1918 and re ...

github логотип

GHSA-4fh9-jvf5-584j

github
больше 3 лет назад

When DNS over HTTPS is in use, it intentionally filters RFC1918 and related IP ranges from the responses as these do not make sense coming from a DoH resolver. However when an IPv4 address was mapped through IPv6, these addresses were erroneously let through, leading to a potential DNS Rebinding attack. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.

oracle-oval логотип

ELSA-2020-5257

oracle-oval
около 5 лет назад

ELSA-2020-5257: firefox security update (IMPORTANT)

EPSS

Процентиль: 51%
0.00275
Низкий

6.1 Medium

CVSS3

Уязвимость CVE-2020-26961