CVE-2020-15659

HIGH

Firefox < 79.0 and Firefox ESR < 68.11 - Memory Corruption

Title source: llm
STIX 2.1

Description

Mozilla developers and community members reported memory safety bugs present in Firefox 78 and Firefox ESR 78.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 79, Firefox ESR < 68.11, Firefox ESR < 78.1, Thunderbird < 68.11, and Thunderbird < 78.1.

References (10)

Core 10
Core References
Mailing List, Patch, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00022.html
Mailing List, Patch, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00025.html
Mailing List, Patch, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00032.html
Patch, Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/4443-1/

Scores

CVSS v3 8.8
EPSS 0.0093
EPSS Percentile 76.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-787
Status published
Products (8)
canonical/ubuntu_linux 16.04
canonical/ubuntu_linux 18.04
canonical/ubuntu_linux 20.04
mozilla/firefox < 79.0
mozilla/firefox_esr < 68.11
mozilla/thunderbird < 68.11
opensuse/leap 15.1
opensuse/leap 15.2
Published Aug 10, 2020
Tracked Since Feb 18, 2026