CVE-2020-15678 — Use After Free in Mozilla Firefox

CWE-416 — Use After Free11 documents9 sources

Severity

8.8HIGHNVD

EPSS

0.9%

top 24.79%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Firefox ESR Mozilla Thunderbird +2 more

Timeline

PublishedOct 1

Latest updateMay 24

Description

When recursing through graphical layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free. This occurs because the function APZCTreeManager::ComputeClippedCompositionBounds did not follow iterator invalidation rules. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firefox ESR < 78.3.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages8 packages

▶CVEListV5mozilla/firefoxunspecified — 81

▶NVDmozilla/firefox< 81.0

▶CVEListV5mozilla/firefox_esrunspecified — 78.3

▶NVDmozilla/firefox_esr< 78.3

▶CVEListV5mozilla/thunderbirdunspecified — 78.3

Also affects: Debian Linux 10.0, 9.0

🔴Vulnerability Details

GHSA

GHSA-4rfx-gjvx-jp3h: When recursing through graphical layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free↗2022-05-24

▶

CVEList

CVE-2020-15678: When recursing through graphical layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free↗2020-10-01

▶

OSV

CVE-2020-15678: When recursing through graphical layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free↗2020-10-01

▶

📋Vendor Advisories

Ubuntu

Firefox vulnerabilities↗2020-09-28

▶

Red Hat

Mozilla: When recursing through layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free scenario↗2020-09-22

▶

Debian

CVE-2020-15678: firefox - When recursing through graphical layers while scrolling, an iterator may have be...↗2020

▶

Mozilla

Mozilla Foundation Security Advisory 2020-44: CVE-2020-15678↗

▶

Mozilla

Mozilla Foundation Security Advisory 2020-43: CVE-2020-15678↗

▶

💬Community

Bugzilla

CVE-2020-15678 Mozilla: When recursing through layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free scenario↗2020-09-22

▶