CVE-2020-12396Out-of-bounds Write in Mozilla Firefox

CWE-787Out-of-bounds WriteCWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-120Classic Buffer Overflow11 documents8 sources
Severity
9.8CRITICALNVD
OSV8.1
EPSS
0.6%
top 31.18%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Mozilla FirefoxDebian Firefox
Timeline
PublishedMay 26
Latest updateMay 24

Description

Mozilla developers and community members reported memory safety bugs present in Firefox 75. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 76.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages5 packages

CVEListV5mozilla/firefoxunspecified76
NVDmozilla/firefox< 76.0
Ubuntumozilla/firefox< 76.0.1+build1-0ubuntu0.16.04.1+5
mozillamozilla/firefox
debiandebian/firefox< firefox 76.0-1 (sid)

🔴Vulnerability Details

4
GHSA
GHSA-764w-vr4w-hf3x: Mozilla developers and community members reported memory safety bugs present in Firefox 752022-05-24
OSV
firefox regression2020-05-12
OSV
firefox vulnerabilities2020-05-07
OSV
CVE-2020-12396: Mozilla developers and community members reported memory safety bugs present in Firefox 752020-05-07

📋Vendor Advisories

5
Ubuntu
Firefox regression2020-05-12
Ubuntu
Firefox vulnerabilities2020-05-07
Red Hat
Mozilla: Memory safety bugs fixed in Firefox 762020-05-05
Debian
CVE-2020-12396: firefox - Mozilla developers and community members reported memory safety bugs present in ...2020
Mozilla
Mozilla Foundation Security Advisory 2020-16: CVE-2020-12396

💬Community

1
Bugzilla
CVE-2020-12396 Mozilla: Memory safety bugs fixed in Firefox 762020-05-12