CVE-2020-15683

Mozilla developers and community members reported memory safety bugs present in Firefox 81 and Firefox ESR 78.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.4, Firefox < 82, and Thunderbird < 78.4.
References
Link Resource
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00057.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00062.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00074.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00077.html Mailing List Third Party Advisory
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1576843%2C1656987%2C1660954%2C1662760%2C1663439%2C1666140 Broken Link Issue Tracking Vendor Advisory
https://lists.debian.org/debian-lts-announce/2020/10/msg00027.html Mailing List Third Party Advisory
https://security.gentoo.org/glsa/202010-08 Third Party Advisory
https://www.debian.org/security/2020/dsa-4780 Third Party Advisory
https://www.mozilla.org/security/advisories/mfsa2020-45/ Release Notes Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2020-46/ Release Notes Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2020-47/ Release Notes Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00057.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00062.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00074.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00077.html Mailing List Third Party Advisory
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1576843%2C1656987%2C1660954%2C1662760%2C1663439%2C1666140 Broken Link Issue Tracking Vendor Advisory
https://lists.debian.org/debian-lts-announce/2020/10/msg00027.html Mailing List Third Party Advisory
https://security.gentoo.org/glsa/202010-08 Third Party Advisory
https://www.debian.org/security/2020/dsa-4780 Third Party Advisory
https://www.mozilla.org/security/advisories/mfsa2020-45/ Release Notes Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2020-46/ Release Notes Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2020-47/ Release Notes Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-10-22 21:15

Updated : 2024-11-21 05:06


NVD link : CVE-2020-15683

Mitre link : CVE-2020-15683

CVE.ORG link : CVE-2020-15683


JSON object : View

Products Affected

mozilla

  • thunderbird
  • firefox
  • firefox_esr

opensuse

  • leap

debian

  • debian_linux
CWE
CWE-416

Use After Free

CWE-787

Out-of-bounds Write