CVE-2020-15669

CVSS v3.1 8.8 (High)

CVSS v2.0 6.8 (Medium)

EPSS 0.30 % (70^th)

Affected Products 2

Advisories 22

When aborting an operation, such as a fetch, an abort signal may be deleted while alerting the objects to be notified. This results in a use-after-free and we presume that with enough effort it could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.12 and Thunderbird < 68.12.

Weaknesses

CWE-416: Use After Free

CVE Status: PUBLISHED
CNA: Mozilla Corporation
Published Date: 2020-10-01 19:15:13
(4 years ago)
Updated Date: 2020-10-02 19:02:26
(4 years ago)

Affected Products

Mozilla

Firefox Esr
Thunderbird

Configuration #1

		CPE23	From	Up To
	Mozilla Firefox Esr prior 68.12 version	cpe:2.3:a:mozilla:firefox_esr		< 68.12
	Mozilla Thunderbird prior 68.12 version	cpe:2.3:a:mozilla:thunderbird		< 68.12