CVE-2020-15673

Mozilla developers reported memory safety bugs present in Firefox 80 and Firefox ESR 78.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firefox ESR < 78.3.

Published: Oct 1, 2020
Updated: Apr 13, 2023
CVE: CVE-2020-15673
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-416

Affected Software
References

Software	From	Fixed in
mozilla / firefox_esr	-	78.3
mozilla / thunderbird	-	78.3
mozilla / firefox	-	81.0
debian / debian_linux	9.0	9.0.x
debian / debian_linux	10.0	10.0.x
opensuse / leap	15.1	15.1.x
opensuse / leap	15.2	15.2.x

http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00074.html
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00077.html
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1648493%2C1660800
https://lists.debian.org/debian-lts-announce/2020/10/msg00020.html
https://security.gentoo.org/glsa/202010-02
https://www.debian.org/security/2020/dsa-4770
https://www.mozilla.org/security/advisories/mfsa2020-42/
https://www.mozilla.org/security/advisories/mfsa2020-43/
https://www.mozilla.org/security/advisories/mfsa2020-44/

Vulnerability Database

289,599

CVE-2020-15673