CVE-2020-15683Use After Free in Mozilla Firefox

CWE-416Use After FreeCWE-787Out-of-bounds WriteCWE-120Classic Buffer Overflow13 documents9 sources
Severity
9.8CRITICALNVD
EPSS
1.6%
top 18.46%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Mozilla FirefoxMozilla Firefox ESRMozilla Thunderbird+2 more
Timeline
PublishedOct 22
Latest updateMay 24

Description

Mozilla developers and community members reported memory safety bugs present in Firefox 81 and Firefox ESR 78.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.4, Firefox < 82, and Thunderbird < 78.4.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages8 packages

CVEListV5mozilla/firefoxunspecified82
NVDmozilla/firefox< 82.0
CVEListV5mozilla/firefox_esrunspecified78.4
CVEListV5mozilla/thunderbirdunspecified78.4

Also affects: Debian Linux 10.0, 9.0

🔴Vulnerability Details

3
GHSA
GHSA-q4v9-gx3p-c65m: Mozilla developers and community members reported memory safety bugs present in Firefox 81 and Firefox ESR 782022-05-24
OSV
CVE-2020-15683: Mozilla developers and community members reported memory safety bugs present in Firefox 81 and Firefox ESR 782020-10-22
CVEList
CVE-2020-15683: Mozilla developers and community members reported memory safety bugs present in Firefox 81 and Firefox ESR 782020-10-22

📋Vendor Advisories

8
Ubuntu
Thunderbird vulnerabilities2020-11-25
Ubuntu
Firefox vulnerabilities2020-10-26
Ubuntu
Firefox vulnerabilities2020-10-23
Red Hat
Mozilla: Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.42020-10-20
Debian
CVE-2020-15683: firefox - Mozilla developers and community members reported memory safety bugs present in ...2020

💬Community

1
Bugzilla
CVE-2020-15683 Mozilla: Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.42020-10-21
CVE-2020-15683 — Use After Free in Mozilla Firefox | cvebase