CVE-2020-12417

HIGH

Firefox <78 - Memory Corruption

Title source: llm

Description

Due to confusion about ValueTags on JavaScript Objects, an object may pass through the type barrier, resulting in memory corruption and a potentially exploitable crash. *Note: this issue only affects Firefox on ARM64 platforms.* This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0.

References (11)

[Vendor Advisory] https://www.mozilla.org/security/advisories/mfsa2020-24/

[Vendor Advisory] https://www.mozilla.org/security/advisories/mfsa2020-26/

[Vendor Advisory] https://www.mozilla.org/security/advisories/mfsa2020-25/

[Exploit, Issue Tracking, Vendor Advisory] https://bugzilla.mozilla.org/show_bug.cgi?id=1640737

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00023.html

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00026.html

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00027.html

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00049.html

[Third Party Advisory] https://usn.ubuntu.com/4421-1/

[Third Party Advisory] https://security.gentoo.org/glsa/202007-09

[Third Party Advisory] https://security.gentoo.org/glsa/202007-10

Scores

CVSS v3 8.8

EPSS 0.0047

EPSS Percentile 64.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-681 CWE-617 CWE-787

Status published

Products (9)

canonical/ubuntu_linux 16.04

canonical/ubuntu_linux 18.04

canonical/ubuntu_linux 19.10

canonical/ubuntu_linux 20.04

mozilla/firefox < 78.0

mozilla/firefox_esr < 68.10.0

mozilla/thunderbird < 68.10.0

opensuse/leap 15.1

opensuse/leap 15.2

Published Jul 09, 2020

Tracked Since Feb 18, 2026