CVE-2020-12405 — Race Condition in Mozilla Firefox

CWE-362 — Race Condition CWE-416 — Use After Free19 documents11 sources

Severity

5.3MEDIUMNVD

OSV7.5OSV4.4

EPSS

0.7%

top 28.86%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Firefox ESR Mozilla Thunderbird +1 more

Timeline

PublishedJul 9

Latest updateMay 24

Description

When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.6 | Impact: 3.6

Affected Packages9 packages

▶CVEListV5mozilla/firefoxunspecified — 77

▶NVDmozilla/firefox< 77.0

▶CVEListV5mozilla/firefox_esrunspecified — 68.9

▶NVDmozilla/firefox_esr< 68.9.0

▶Ubuntumozilla/firefox< 77.0.1+build1-0ubuntu0.16.04.1+2

Also affects: Ubuntu Linux 16.04, 18.04, 19.10, 20.04

🔴Vulnerability Details

GHSA

GHSA-7768-mfm4-9cmv: When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash↗2022-05-24

▶

CVEList

CVE-2020-12405: When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash↗2020-07-09

▶

OSV

CVE-2020-12405: When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash↗2020-07-09

▶

OSV

thunderbird vulnerabilities↗2020-07-08

▶

OSV

firefox vulnerabilities↗2020-06-04

▶

💥Exploits & PoCs

Exploit-DB

b2evolution 6.11.6 - 'tab3' Reflected XSS↗2021-02-11

▶

Exploit-DB

b2evolution 6.11.6 - 'redirect_to' Open Redirect↗2021-02-11

▶

Exploit-DB

b2evolution 6.11.6 - 'plugin name' Stored XSS↗2021-02-10

▶

📋Vendor Advisories

Ubuntu

Thunderbird vulnerabilities↗2020-07-08

▶

Ubuntu

Firefox vulnerabilities↗2020-06-04

▶

Red Hat

Mozilla: Use-after-free in SharedWorkerService↗2020-06-02

▶

Debian

CVE-2020-12405: firefox - When browsing a malicious page, a race condition in our SharedWorkerService coul...↗2020

▶

Mozilla

Mozilla Foundation Security Advisory 2020-22: CVE-2020-12405↗

▶

🕵️Threat Intelligence

Talos

Vulnerability Spotlight: Remote code execution vulnerability in Firefox’s SharedWorkerService function↗2020-06-10

▶

💬Community

Bugzilla

CVE-2020-12405 Mozilla: Use-after-free in SharedWorkerService↗2020-06-03

▶

Bugzilla

CVE-2020-12410 Mozilla: Memory safety bugs fixed in Firefox 77 and Firefox ESR 68.9↗2020-06-02

▶