CVE-2020-12406 — Insufficient Verification of Data Authenticity in Mozilla Firefox
CWE-345 — Insufficient Verification of Data AuthenticityCWE-843 — Type Confusion14 documents9 sources
Severity
8.8HIGHNVD
OSV7.5OSV4.4
EPSS
0.4%
top 42.27%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJul 9
Latest updateMay 24
Description
Mozilla Developer Iain Ireland discovered a missing type check during unboxed objects removal, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9
Affected Packages9 packages
Also affects: Ubuntu Linux 16.04, 18.04, 19.10, 20.04
🔴Vulnerability Details
5GHSA▶
GHSA-cf83-h775-f5f6: Mozilla Developer Iain Ireland discovered a missing type check during unboxed objects removal, resulting in a crash↗2022-05-24
OSV▶
CVE-2020-12406: Mozilla Developer Iain Ireland discovered a missing type check during unboxed objects removal, resulting in a crash↗2020-07-09
CVEList▶
CVE-2020-12406: Mozilla Developer Iain Ireland discovered a missing type check during unboxed objects removal, resulting in a crash↗2020-07-09
📋Vendor Advisories
7Debian▶
CVE-2020-12406: firefox - Mozilla Developer Iain Ireland discovered a missing type check during unboxed ob...↗2020