CVE-2020-15656 — Type Confusion in Mozilla Firefox

CWE-843 — Type Confusion12 documents9 sources

Severity

8.8HIGHNVD

OSV6.5

EPSS

0.7%

top 28.06%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Firefox ESR Mozilla Thunderbird +2 more

Timeline

PublishedAug 10

Latest updateMay 24

Description

JIT optimizations involving the Javascript arguments object could confuse later optimizations. This risk was already mitigated by various precautions in the code, resulting in this bug rated at only moderate severity. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages9 packages

▶CVEListV5mozilla/firefoxunspecified — 79

▶NVDmozilla/firefox< 79.0

▶CVEListV5mozilla/firefox_esrunspecified — 78.1

▶NVDmozilla/firefox_esr< 78.1

▶Ubuntumozilla/firefox< 79.0+build1-0ubuntu0.16.04.2+2

Also affects: Ubuntu Linux 16.04, 18.04, 20.04

🔴Vulnerability Details

GHSA

GHSA-cwww-4cwr-37ph: JIT optimizations involving the Javascript arguments object could confuse later optimizations↗2022-05-24

▶

CVEList

CVE-2020-15656: JIT optimizations involving the Javascript arguments object could confuse later optimizations↗2020-08-10

▶

OSV

CVE-2020-15656: JIT optimizations involving the Javascript arguments object could confuse later optimizations↗2020-07-29

▶

OSV

firefox vulnerabilities↗2020-07-29

▶

📋Vendor Advisories

Ubuntu

Firefox vulnerabilities↗2020-07-29

▶

Red Hat

Mozilla: Type confusion for special arguments in IonMonkey↗2020-07-28

▶

Debian

CVE-2020-15656: firefox - JIT optimizations involving the Javascript arguments object could confuse later ...↗2020

▶

Mozilla

Mozilla Foundation Security Advisory 2020-32: CVE-2020-15656↗

▶

Mozilla

Mozilla Foundation Security Advisory 2020-33: CVE-2020-15656↗

▶

💬Community

Bugzilla

CVE-2020-15656 Mozilla: Type confusion for special arguments in IonMonkey↗2020-07-29

▶