Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).
CVE-2020-26950 — Use After Free in Mozilla Firefox
Severity
8.8HIGHNVD
EPSS
48.3%
top 2.26%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
PublishedDec 9
Latest updateMay 24
Description
In certain circumstances, the MCallGetProperty opcode can be emitted with unmet assumptions resulting in an exploitable use-after-free condition. This vulnerability affects Firefox < 82.0.3, Firefox ESR < 78.4.1, and Thunderbird < 78.4.2.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9
Affected Packages7 packages
🔴Vulnerability Details
3GHSA▶
GHSA-cp22-2989-32j9: In certain circumstances, the MCallGetProperty opcode can be emitted with unmet assumptions resulting in an exploitable use-after-free condition↗2022-05-24
CVEList▶
CVE-2020-26950: In certain circumstances, the MCallGetProperty opcode can be emitted with unmet assumptions resulting in an exploitable use-after-free condition↗2020-12-09
OSV▶
CVE-2020-26950: In certain circumstances, the MCallGetProperty opcode can be emitted with unmet assumptions resulting in an exploitable use-after-free condition↗2020-12-09
💥Exploits & PoCs
1📋Vendor Advisories
5Debian▶
CVE-2020-26950: firefox - In certain circumstances, the MCallGetProperty opcode can be emitted with unmet ...↗2020