CVE-2020-12395

HIGH

Description

Mozilla developers and community members reported memory safety bugs present in Firefox 75 and Firefox ESR 68.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0.

References

https://bugzilla.mozilla.org/buglist.cgi?bug_id=1595886%2C1611482%2C1614704%2C1624098%2C1625749%2C1626382%2C1628076%2C1631508

https://security.gentoo.org/glsa/202005-03

https://security.gentoo.org/glsa/202005-04

https://usn.ubuntu.com/4373-1/

https://www.mozilla.org/security/advisories/mfsa2020-16/

https://www.mozilla.org/security/advisories/mfsa2020-17/

https://www.mozilla.org/security/advisories/mfsa2020-18/

Details

Source: MITRE

Published: 2020-05-26

Updated: 2020-06-12

Type: CWE-119

Risk Information

CVSS v2.0

Base Score: 10

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 10

Severity: HIGH

CVSS v3.0

Base Score: 9.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 3.9

Severity: CRITICAL

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 147407 | NewStart CGSL MAIN 4.06 : firefox Multiple Vulnerabilities (NS-SA-2021-0004) | Nessus | NewStart CGSL Local Security Checks | critical |
| 147312 | NewStart CGSL MAIN 4.06 : thunderbird Multiple Vulnerabilities (NS-SA-2021-0002) | Nessus | NewStart CGSL Local Security Checks | critical |
| 145906 | CentOS 8 : thunderbird (CESA-2020:2046) | Nessus | CentOS Local Security Checks | critical |
| 143979 | NewStart CGSL CORE 5.05 / MAIN 5.05 : thunderbird Multiple Vulnerabilities (NS-SA-2020-0093) | Nessus | NewStart CGSL Local Security Checks | critical |
| 143948 | NewStart CGSL CORE 5.05 / MAIN 5.05 : firefox Multiple Vulnerabilities (NS-SA-2020-0097) | Nessus | NewStart CGSL Local Security Checks | critical |
| 143928 | NewStart CGSL CORE 5.04 / MAIN 5.04 : firefox Multiple Vulnerabilities (NS-SA-2020-0064) | Nessus | NewStart CGSL Local Security Checks | critical |
| 143912 | NewStart CGSL CORE 5.04 / MAIN 5.04 : thunderbird Multiple Vulnerabilities (NS-SA-2020-0074) | Nessus | NewStart CGSL Local Security Checks | critical |
| 138776 | NewStart CGSL MAIN 6.01 : thunderbird Multiple Vulnerabilities (NS-SA-2020-0036) | Nessus | NewStart CGSL Local Security Checks | critical |
| 136894 | Ubuntu 16.04 LTS / 18.04 LTS / 19.10 / 20.04 : Thunderbird vulnerabilities (USN-4373-1) | Nessus | Ubuntu Local Security Checks | critical |
| 136776 | CentOS 7 : thunderbird (CESA-2020:2050) | Nessus | CentOS Local Security Checks | critical |
| 136775 | CentOS 6 : thunderbird (CESA-2020:2049) | Nessus | CentOS Local Security Checks | critical |
| 136773 | CentOS 7 : firefox (CESA-2020:2037) | Nessus | CentOS Local Security Checks | critical |
| 136772 | CentOS 6 : firefox (CESA-2020:2036) | Nessus | CentOS Local Security Checks | critical |
| 136752 | Amazon Linux 2 : thunderbird (ALAS-2020-1429) | Nessus | Amazon Linux Local Security Checks | critical |
| 136658 | SUSE SLED15 / SLES15 Security Update : MozillaThunderbird (SUSE-SU-2020:1225-1) | Nessus | SuSE Local Security Checks | critical |
| 136654 | SUSE SLES12 Security Update : MozillaFirefox (SUSE-SU-2020:1218-1) | Nessus | SuSE Local Security Checks | critical |
| 136649 | SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2020:1209-1) | Nessus | SuSE Local Security Checks | critical |
| 136600 | Oracle Linux 8 : thunderbird (ELSA-2020-2046) | Nessus | Oracle Linux Local Security Checks | critical |
| 136545 | Ubuntu 16.04 LTS / 18.04 LTS / 19.10 / 20.04 : Firefox regression (USN-4353-2) | Nessus | Ubuntu Local Security Checks | critical |
| 136543 | Oracle Linux 7 : thunderbird (ELSA-2020-2050) | Nessus | Oracle Linux Local Security Checks | critical |
| 136541 | GLSA-202005-04 : Mozilla Firefox: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical |
| 136540 | GLSA-202005-03 : Mozilla Thunderbird: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical |
| 136487 | Scientific Linux Security Update : thunderbird on SL7.x x86_64 (20200511) | Nessus | Scientific Linux Local Security Checks | critical |
| 136486 | Scientific Linux Security Update : thunderbird on SL6.x i386/x86_64 (20200511) | Nessus | Scientific Linux Local Security Checks | critical |
| 136477 | RHEL 6 : thunderbird (RHSA-2020:2049) | Nessus | Red Hat Local Security Checks | critical |
| 136476 | RHEL 8 : thunderbird (RHSA-2020:2046) | Nessus | Red Hat Local Security Checks | critical |
| 136475 | RHEL 7 : thunderbird (RHSA-2020:2050) | Nessus | Red Hat Local Security Checks | critical |
| 136471 | RHEL 8 : thunderbird (RHSA-2020:2047) | Nessus | Red Hat Local Security Checks | critical |
| 136470 | RHEL 8 : thunderbird (RHSA-2020:2048) | Nessus | Red Hat Local Security Checks | critical |
| 136461 | openSUSE Security Update : MozillaThunderbird (openSUSE-2020-643) | Nessus | SuSE Local Security Checks | critical |
| 136450 | openSUSE Security Update : MozillaFirefox (openSUSE-2020-621) | Nessus | SuSE Local Security Checks | critical |
| 136431 | Debian DSA-4683-1 : thunderbird - security update | Nessus | Debian Local Security Checks | critical |
| 136428 | Debian DLA-2206-1 : thunderbird security update | Nessus | Debian Local Security Checks | critical |
| 136427 | Debian DLA-2205-1 : firefox-esr security update | Nessus | Debian Local Security Checks | critical |
| 136420 | Ubuntu 16.04 LTS / 18.04 LTS / 19.10 / 20.04 : firefox vulnerabilities (USN-4353-1) | Nessus | Ubuntu Local Security Checks | critical |
| 136418 | Oracle Linux 7 : firefox (ELSA-2020-2037) | Nessus | Oracle Linux Local Security Checks | critical |
| 136404 | Mozilla Firefox < 76.0 | Nessus | Windows | critical |
| 136403 | Mozilla Firefox < 76.0 | Nessus | MacOS X Local Security Checks | critical |
| 136392 | Slackware 14.2 / current : mozilla-firefox (SSA:2020-126-01) | Nessus | Slackware Local Security Checks | critical |
| 136390 | Scientific Linux Security Update : firefox on SL7.x x86_64 (20200506) | Nessus | Scientific Linux Local Security Checks | critical |
| 136389 | Scientific Linux Security Update : firefox on SL6.x i386/x86_64 (20200506) | Nessus | Scientific Linux Local Security Checks | critical |
| 136374 | Debian DSA-4678-1 : firefox-esr - security update | Nessus | Debian Local Security Checks | critical |
| 136359 | Mozilla Thunderbird < 68.8.0 | Nessus | Windows | critical |
| 136358 | Mozilla Thunderbird < 68.8.0 | Nessus | MacOS X Local Security Checks | critical |
| 136357 | Mozilla Firefox ESR < 68.8 | Nessus | Windows | critical |
| 136356 | Mozilla Firefox ESR < 68.8 | Nessus | MacOS X Local Security Checks | critical |
| 136354 | RHEL 6 : firefox (RHSA-2020:2036) | Nessus | Red Hat Local Security Checks | critical |
| 136351 | RHEL 7 : firefox (RHSA-2020:2037) | Nessus | Red Hat Local Security Checks | critical |
| 136344 | RHEL 8 : firefox (RHSA-2020:2033) | Nessus | Red Hat Local Security Checks | critical |
| 136343 | RHEL 8 : firefox (RHSA-2020:2032) | Nessus | Red Hat Local Security Checks | critical |
| 136342 | RHEL 8 : firefox (RHSA-2020:2031) | Nessus | Red Hat Local Security Checks | critical |