CVE-2020-15673Use After Free in Mozilla Firefox

CWE-416Use After FreeCWE-120Classic Buffer OverflowCWE-763Release of Invalid Pointer or Reference11 documents9 sources
Severity
8.8HIGHNVD
EPSS
0.9%
top 24.79%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Mozilla FirefoxMozilla Firefox ESRMozilla Thunderbird+2 more
Timeline
PublishedOct 1
Latest updateMay 24

Description

Mozilla developers reported memory safety bugs present in Firefox 80 and Firefox ESR 78.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firefox ESR < 78.3.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages8 packages

CVEListV5mozilla/firefoxunspecified81
NVDmozilla/firefox< 81.0
CVEListV5mozilla/firefox_esrunspecified78.3
CVEListV5mozilla/thunderbirdunspecified78.3

Also affects: Debian Linux 10.0, 9.0

🔴Vulnerability Details

3
GHSA
GHSA-662r-59mf-5fxr: Mozilla developers reported memory safety bugs present in Firefox 80 and Firefox ESR 782022-05-24
CVEList
CVE-2020-15673: Mozilla developers reported memory safety bugs present in Firefox 80 and Firefox ESR 782020-10-01
OSV
CVE-2020-15673: Mozilla developers reported memory safety bugs present in Firefox 80 and Firefox ESR 782020-10-01

📋Vendor Advisories

6
Ubuntu
Firefox vulnerabilities2020-09-28
Red Hat
Mozilla: Memory safety bugs fixed in Firefox 81 and Firefox ESR 78.32020-09-22
Debian
CVE-2020-15673: firefox - Mozilla developers reported memory safety bugs present in Firefox 80 and Firefox...2020
Mozilla
Mozilla Foundation Security Advisory 2020-44: CVE-2020-15673
Mozilla
Mozilla Foundation Security Advisory 2020-43: CVE-2020-15673

💬Community

1
Bugzilla
CVE-2020-15673 Mozilla: Memory safety bugs fixed in Firefox 81 and Firefox ESR 78.32020-09-22
CVE-2020-15673 — Use After Free in Mozilla Firefox | cvebase