The Mozilla Foundation has released Firefox 80 that includes some minor feature improvements and security fixes for multiple vulnerabilities.
An attacker could exploit these vulnerabilities to take control of impacted systems.
As part of Mozilla Foundation Security Advisory 2020-36, Firefox 80 patched 10 vulnerabilities, to include 3 High severity vulnerabilities.
The High severity issues patched include:
- CVE-2020-15663: Downgrade attack on the Mozilla Maintenance Service could have resulted in escalation of privilege.
- CVE-2020-15664: Attacker-induced prompt for extension installation.
- CVE-2020-15670: Memory safety bugs.
Mozilla also noted that the memory safety vulnerability CVE-2020-15670 could be exploited to run arbitrary code.