CVE-2020-15675: Use After Free in Mozilla Firefox

Severity
8.8 HIGH (NVD)
EPSS
0.4% (top 39.05%)
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Oct 1
Latest update: May 24

Description

When processing surfaces, the lifetime may outlive a persistent buffer leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 81.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (5 packages)

debian | debian/firefox | < firefox 81.0-1 (sid)
CVEListV5 | mozilla/firefox | unspecified 81
NVD | mozilla/firefox | < 81.0
Ubuntu | mozilla/firefox | < 81.0+build2-0ubuntu0.16.04.1+2
mozilla | mozilla/firefox

🔴 Vulnerability Details (2)

GHSA
GHSA-fhj6-r884-6jpv: When processing surfaces, the lifetime may outlive a persistent buffer leading to memory corruption and a potentially exploitable crash (2022-05-24)
OSV
CVE-2020-15675: When processing surfaces, the lifetime may outlive a persistent buffer leading to memory corruption and a potentially exploitable crash (2020-09-25)

📋 Vendor Advisories (4)

Red Hat
firefox: Use-After-Free in WebGL could result in memory corruption and a potentially exploitable crash (2020-10-05)
Ubuntu
Firefox vulnerabilities (2020-09-28)
Debian
CVE-2020-15675: firefox - When processing surfaces, the lifetime may outlive a persistent buffer leading t... (2020)
Mozilla
Mozilla Foundation Security Advisory 2020-42: CVE-2020-15675

🕵️ Threat Intelligence (2)

Securelist
IT threat evolution Q3 2020. Non-mobile statistics (2020-11-20)
Securelist
IT threat evolution Q3 2020. Non-mobile statistics (2020-11-20)

💬 Community (2)

Bugzilla
CVE-2020-15675 firefox: Use-After-Free in WebGL could result in memory corruption and a potentially exploitable crash (2020-10-05)
Bugzilla
AddressSanitizer: heap-use-after-free [@ ~BorrowedSourceSurface] with READ of size 8 (2020-07-21)