CVE-2020-12426
Published 2020-07-09
Priority: P338 (high)
CVSS 3.1: 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS: 1.62% (73.1th percentile)
Mozilla developers and community members reported memory safety bugs present in Firefox 77. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 78.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | firefox | < firefox 78.0-1 (sid) | firefox 78.0-1 (sid) |
| mozilla | firefox | < 78.0 | 78.0 |
| mozilla | firefox | — | — |
| mozilla | firefox | >= 0 < 78.0.1+build1-0ubuntu0.16.04.1 | 78.0.1+build1-0ubuntu0.16.04.1 |
| mozilla | firefox | >= 0 < 78.0.1+build1-0ubuntu0.18.04.1 | 78.0.1+build1-0ubuntu0.18.04.1 |
| mozilla | firefox | >= 0 < 78.0.1+build1-0ubuntu0.20.04.1 | 78.0.1+build1-0ubuntu0.20.04.1 |
| mozilla | firefox | >= unspecified < 78 | 78 |
| mozilla | thunderbird | >= 0 < 1:78.8.1+build1-0ubuntu0.18.04.1 | 1:78.8.1+build1-0ubuntu0.18.04.1 |
| mozilla | thunderbird | >= 0 < 1:78.7.1+build1-0ubuntu0.20.04.1 | 1:78.7.1+build1-0ubuntu0.20.04.1 |
| opensuse | leap | — | — |
| opensuse | leap | — | — |
CVSS provenance
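| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 9.3 | CRITICAL | AV:N/AC:M/Au:N/C:C/I:C/A:C |
| osv | — | 8.8 | HIGH | — |
| vendor_debian | — | 8.8 | HIGH | — |
| vendor_redhat | — | 8.8 | HIGH | — |
| vendor_ubuntu | — | 6.5 | MEDIUM | — |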
Red Hat
Mozilla: Memory safety bugs fixed in Thunderbird 78
vendor_redhat·2020-07-16·CVSS 8.8
CVE-2020-12426 [HIGH] CWE-120 Mozilla: Memory safety bugs fixed in Thunderbird 78
Mozilla developers and community members reported memory safety bugs present in Firefox 77. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 78.
Package: thunderbird (Red Hat Enterprise Linux 5) - Not affected
Package: thunderbird (Red Hat Enterprise Linux 6) - Not affected
Package: thunderbird (Red Hat Enterprise Linux 7) - Not affected
Package: thunderbird (Red Hat Enterprise Linux 8) - Not affected
Ubuntu
Firefox vulnerabilities
vendor_ubuntu·2020-07-02·CVSS 6.5
CVE-2020-12420 [MEDIUM] Firefox vulnerabilities
Title: Firefox vulnerabilities
Summary: Firefox could be made to crash or run programs as your login if it
opened a malicious website.
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information, bypass permission prompts, or execute arbitrary code.
(CVE-2020-12415, CVE-2020-12416, CVE-2020-12417, CVE-2020-12418,
CVE-2020-12419, CVE-2020-12420, CVE-2020-12422, CVE-2020-12424,
CVE-2020-12425, CVE-2020-12426)
It was discovered that when performing add-on updates, certificate chains
not terminating with built-in roots were silently rejected. This could
result in add-ons becoming outdated. (CVE-2020-12421)
Instructions: After a st
Debian
CVE-2020-12426: firefox - Mozilla developers and community members reported memory safety bugs present in ...
vendor_debian·2020·CVSS 8.8
CVE-2020-12426 [HIGH] CVE-2020-12426: firefox - Mozilla developers and community members reported memory safety bugs present in ...
Mozilla developers and community members reported memory safety bugs present in Firefox 77. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 78.
Scope: local
sid: resolved (fixed in 78.0-1)
Mozilla
Mozilla Foundation Security Advisory 2020-29: CVE-2020-12426
vendor_mozilla·CVSS 8.8
CVE-2020-12426 [HIGH] Mozilla Foundation Security Advisory 2020-29: CVE-2020-12426
Mozilla Foundation Security Advisory 2020-29
CVE: CVE-2020-12426
Product: Thunderbird
Impact: high
Fixed in: Thunderbird 78
Mozilla
Mozilla Foundation Security Advisory 2020-24: CVE-2020-12426
vendor_mozilla·CVSS 8.8
CVE-2020-12426 [HIGH] Mozilla Foundation Security Advisory 2020-24: CVE-2020-12426
Mozilla Foundation Security Advisory 2020-24
CVE: CVE-2020-12426
Product: Firefox
Impact: high
Fixed in: Firefox 78
GHSA
GHSA-jvpq-rx3j-c85r: Mozilla developers and community members reported memory safety bugs present in Firefox 77
ghsa_unreviewed·2022-05-24
CVE-2020-12426 [HIGH] CWE-119 GHSA-jvpq-rx3j-c85r: Mozilla developers and community members reported memory safety bugs present in Firefox 77
Mozilla developers and community members reported memory safety bugs present in Firefox 77. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 78.
OSV
firefox vulnerabilities
osv·2020-07-02·CVSS 6.5
CVE-2020-12415 [MEDIUM] firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information, bypass permission prompts, or execute arbitrary code.
(CVE-2020-12415, CVE-2020-12416, CVE-2020-12417, CVE-2020-12418,
CVE-2020-12419, CVE-2020-12420, CVE-2020-12422, CVE-2020-12424,
CVE-2020-12425, CVE-2020-12426)
It was discovered that when performing add-on updates, certificate chains
not terminating with built-in roots were silently rejected. This could
result in add-ons becoming outdated. (CVE-2020-12421)
OSV
CVE-2020-12426: Mozilla developers and community members reported memory safety bugs present in Firefox 77
osv·2020-07-01·CVSS 8.8
CVE-2020-12426 [HIGH] CVE-2020-12426: Mozilla developers and community members reported memory safety bugs present in Firefox 77
Mozilla developers and community members reported memory safety bugs present in Firefox 77. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 78.
No detection rules found.
No public exploits indexed.
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00027.html
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00049.html
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1608068%2C1609951%2C1631187%2C1637682
https://security.gentoo.org/glsa/202007-10
https://www.mozilla.org/security/advisories/mfsa2020-24/