CVE-2020-15674 — Improper Locking in Mozilla Firefox

CWE-667 — Improper Locking CWE-787 — Out-of-bounds Write CWE-763 — Release of Invalid Pointer or Reference CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer10 documents9 sources

Severity

8.8HIGHNVD

EPSS

0.3%

top 45.75%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Debian Firefox

Timeline

PublishedOct 1

Latest updateMay 24

Description

Mozilla developers reported memory safety bugs present in Firefox 80. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 81.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages5 packages

▶CVEListV5mozilla/firefoxunspecified — 81

▶NVDmozilla/firefox< 81.0

▶Ubuntumozilla/firefox< 81.0+build2-0ubuntu0.16.04.1+2

▶mozillamozilla/firefox

▶debiandebian/firefox< firefox 81.0-1 (sid)

🔴Vulnerability Details

GHSA

GHSA-f5cj-6cmj-4fh4: Mozilla developers reported memory safety bugs present in Firefox 80↗2022-05-24

▶

OSV

CVE-2020-15674: Mozilla developers reported memory safety bugs present in Firefox 80↗2020-09-25

▶

📋Vendor Advisories

Red Hat

firefox: memory safety bugs showing evidence of memory corruption leading to run arbitrary code↗2020-10-05

▶

Ubuntu

Firefox vulnerabilities↗2020-09-28

▶

Debian

CVE-2020-15674: firefox - Mozilla developers reported memory safety bugs present in Firefox 80. Some of th...↗2020

▶

Mozilla

Mozilla Foundation Security Advisory 2020-42: CVE-2020-15674↗

▶

🕵️Threat Intelligence

Securelist

IT threat evolution Q3 2020. Non-mobile statistics↗2020-11-20

▶

Securelist

IT threat evolution Q3 2020. Non-mobile statistics↗2020-11-20

▶

💬Community

Bugzilla

CVE-2020-15674 firefox: memory safety bugs showing evidence of memory corruption leading to run arbitrary code↗2020-10-05

▶