CVE-2020-12416Race Condition in Mozilla Firefox

CWE-362Race ConditionCWE-416Use After Free11 documents9 sources
Severity
8.8HIGHNVD
OSV6.5
EPSS
0.7%
top 28.61%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Mozilla FirefoxMozilla ThunderbirdOpensuse Leap
Timeline
PublishedJul 9
Latest updateMay 24

Description

A VideoStreamEncoder may have been freed in a race condition with VideoBroadcaster::AddOrUpdateSink, resulting in a use-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox < 78.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages5 packages

CVEListV5mozilla/firefoxunspecified78
NVDmozilla/firefox< 78.0
Ubuntumozilla/firefox< 78.0.1+build1-0ubuntu0.16.04.1+2
Ubuntumozilla/thunderbird< 1:78.8.1+build1-0ubuntu0.18.04.1+1
NVDopensuse/leap15.1, 15.2+1

🔴Vulnerability Details

4
GHSA
GHSA-gphq-fwm7-x5g2: A VideoStreamEncoder may have been freed in a race condition with VideoBroadcaster::AddOrUpdateSink, resulting in a use-after-free, memory corruption,2022-05-24
CVEList
CVE-2020-12416: A VideoStreamEncoder may have been freed in a race condition with VideoBroadcaster::AddOrUpdateSink, resulting in a use-after-free, memory corruption,2020-07-09
OSV
firefox vulnerabilities2020-07-02
OSV
CVE-2020-12416: A VideoStreamEncoder may have been freed in a race condition with VideoBroadcaster::AddOrUpdateSink, resulting in a use-after-free, memory corruption,2020-07-01

📋Vendor Advisories

5
Red Hat
Mozilla: Use-after-free in WebRTC VideoBroadcaster2020-07-16
Ubuntu
Firefox vulnerabilities2020-07-02
Debian
CVE-2020-12416: firefox - A VideoStreamEncoder may have been freed in a race condition with VideoBroadcast...2020
Mozilla
Mozilla Foundation Security Advisory 2020-24: CVE-2020-12416
Mozilla
Mozilla Foundation Security Advisory 2020-29: CVE-2020-12416

💬Community

1
Bugzilla
CVE-2020-12416 Mozilla: Use-after-free in WebRTC VideoBroadcaster2020-09-03
CVE-2020-12416 — Race Condition in Mozilla Firefox | cvebase