CVE-2020-12418

CVSS v3.1 6.5 (Medium)

CVSS v2.0 4.3 (Medium)

EPSS 1.03 % (84^th)

Affected Products 5

Advisories 31

Manipulating individual parts of a URL object could have caused an out-of-bounds read, leaking process memory to malicious JavaScript. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0.

Weaknesses

CWE-125: Out-of-bounds Read

CVE Status: PUBLISHED
CNA: Mozilla Corporation
Published Date: 2020-07-09 15:15:11
(4 years ago)
Updated Date: 2023-01-27 16:57:45
(19 months ago)

Affected Products

Canonical

Ubuntu Linux

Mozilla

Opensuse

Leap

Configuration #1

	CPE23	Up To
Mozilla Firefox prior 78.0 version	cpe:2.3:a:mozilla:firefox	< 78.0
Mozilla Firefox Esr prior 68.10 version	cpe:2.3:a:mozilla:firefox_esr	< 68.10
Mozilla Thunderbird prior 68.10.0 version	cpe:2.3:a:mozilla:thunderbird	< 68.10.0

Configuration #2

		CPE23	From	Up To
	Canonical Ubuntu Linux 16.04	cpe:2.3:o:canonical:ubuntu_linux:16.04:::*:esm
	Canonical Ubuntu Linux 18.04	cpe:2.3:o:canonical:ubuntu_linux:18.04:::*:lts
	Canonical Ubuntu Linux 19.10	cpe:2.3:o:canonical:ubuntu_linux:19.10
	Canonical Ubuntu Linux 20.04	cpe:2.3:o:canonical:ubuntu_linux:20.04:::*:lts

Configuration #3

		CPE23	From	Up To
	Opensuse Leap 15.1	cpe:2.3:o:opensuse:leap:15.1
	Opensuse Leap 15.2	cpe:2.3:o:opensuse:leap:15.2