CVE-2020-15667 — Out-of-bounds Write in Mozilla Firefox

CWE-787 — Out-of-bounds Write CWE-434 — Unrestricted File Upload CWE-122 — Heap-based Buffer Overflow7 documents7 sources

Severity

8.8HIGHNVD

EPSS

0.9%

top 24.42%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Debian Firefox

Timeline

PublishedOct 1

Latest updateMay 24

Description

When processing a MAR update file, after the signature has been validated, an invalid name length could result in a heap overflow, leading to memory corruption and potentially arbitrary code execution. Within Firefox as released by Mozilla, this issue is only exploitable with the Mozilla-controlled signing key. This vulnerability affects Firefox < 80.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

▶CVEListV5mozilla/firefoxunspecified — 80

▶NVDmozilla/firefox< 80.0

▶mozillamozilla/firefox

▶debiandebian/firefox< firefox 80.0-1 (sid)

🔴Vulnerability Details

GHSA

GHSA-93j6-6353-95h4: When processing a MAR update file, after the signature has been validated, an invalid name length could result in a heap overflow, leading to memory c↗2022-05-24

▶

OSV

CVE-2020-15667: When processing a MAR update file, after the signature has been validated, an invalid name length could result in a heap overflow, leading to memory c↗2020-10-01

▶

📋Vendor Advisories

Red Hat

firefox: Invalid name length could result in a heap buffer overflow, leading to memory corruption↗2020-08-25

▶

Debian

CVE-2020-15667: firefox - When processing a MAR update file, after the signature has been validated, an in...↗2020

▶

Mozilla

Mozilla Foundation Security Advisory 2020-36: CVE-2020-15667↗

▶

💬Community

Bugzilla

CVE-2020-15667 firefox: Invalid name length could result in a heap buffer overflow, leading to memory corruption↗2020-10-02

▶