CVE-2020-12419
Vulnerability Summary
Timeline
Description
When processing callbacks that occurred during window flushing in the parent process, the associated window may die; causing a use-after-free condition. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0.
CVSS Metrics
- v3.1•HIGH•Score: 8.8CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- v2.0•HIGH•Score: 9.3AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS Trends
Current EPSS score: 0.40%• Percentile: 61%
Techniques & Countermeasures
- CWE-416•Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
Affected Systems
- canonical•ubuntu_linux
16.04 | 18.04 | 19.10 | 20.04
- mozilla•firefox
< 78.0 | ≥ unspecified, < 78
- mozilla•firefox_esr
< 68.10 | ≥ unspecified, < 68.10
- mozilla•thunderbird
< 68.10.0 | ≥ unspecified, < 68.10.0
- opensuse•leap
15.1 | 15.2
References (11)
- https://www.mozilla.org/security/advisories/mfsa2020-24/
- https://www.mozilla.org/security/advisories/mfsa2020-26/
- https://www.mozilla.org/security/advisories/mfsa2020-25/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1643874
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00023.html
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00026.html
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00027.html
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00049.html
- https://usn.ubuntu.com/4421-1/
- https://security.gentoo.org/glsa/202007-09
- https://security.gentoo.org/glsa/202007-10