CVE-2020-12417

CVSS v3.1 8.8 (High)

CVSS v2.0 9.3 (High)

EPSS 0.80 % (82^th)

Affected Products 5

Advisories 27

Due to confusion about ValueTags on JavaScript Objects, an object may pass through the type barrier, resulting in memory corruption and a potentially exploitable crash. Note: this issue only affects Firefox on ARM64 platforms. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0.

Weaknesses

CWE-617: Reachable Assertion
CWE-681: Incorrect Conversion between Numeric Types
CWE-787: Out-of-bounds Write

CVE Status: PUBLISHED
CNA: Mozilla Corporation
Published Date: 2020-07-09 15:15:11
(4 years ago)
Updated Date: 2022-05-03 13:00:24
(2 years ago)

Affected Products

Canonical

Ubuntu Linux

Mozilla

Opensuse

Leap

Configuration #1

	CPE23	Up To
Mozilla Firefox prior 78.0 version	cpe:2.3:a:mozilla:firefox	< 78.0
Mozilla Firefox Esr prior 68.10.0 version	cpe:2.3:a:mozilla:firefox_esr	< 68.10.0
Mozilla Thunderbird prior 68.10.0 version	cpe:2.3:a:mozilla:thunderbird	< 68.10.0

Configuration #2

		CPE23	From	Up To
	Canonical Ubuntu Linux 16.04	cpe:2.3:o:canonical:ubuntu_linux:16.04:::*:esm
	Canonical Ubuntu Linux 18.04	cpe:2.3:o:canonical:ubuntu_linux:18.04:::*:lts
	Canonical Ubuntu Linux 19.10	cpe:2.3:o:canonical:ubuntu_linux:19.10
	Canonical Ubuntu Linux 20.04	cpe:2.3:o:canonical:ubuntu_linux:20.04:::*:lts

Configuration #3

		CPE23	From	Up To
	Opensuse Leap 15.1	cpe:2.3:o:opensuse:leap:15.1
	Opensuse Leap 15.2	cpe:2.3:o:opensuse:leap:15.2