CVE-2020-12419

high

Description

When processing callbacks that occurred during window flushing in the parent process, the associated window may die, causing a use-after-free condition. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0.

References

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00023.html

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00026.html

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00027.html

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00049.html

https://bugzilla.mozilla.org/show_bug.cgi?id=1643874

https://security.gentoo.org/glsa/202007-09

https://security.gentoo.org/glsa/202007-10

https://usn.ubuntu.com/4421-1/

https://www.mozilla.org/security/advisories/mfsa2020-24/

https://www.mozilla.org/security/advisories/mfsa2020-25/

https://www.mozilla.org/security/advisories/mfsa2020-26/

Details

Source: MITRE

Published: 2020-07-09

Updated: 2020-07-27

Type: CWE-416

Risk Information

CVSS v2

Base Score: 9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 8.6

Severity: HIGH

CVSS v3

Base Score: 8.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 2.8

Severity: HIGH

Tenable Plugins

| ID | Name | Product | Family | Severity |
| --- | --- | --- | --- | --- |
| 150683 | SUSE SLES11 Security Update : MozillaFirefox (SUSE-SU-2020:14421-1) | Nessus | SuSE Local Security Checks | high |
| 147407 | NewStart CGSL MAIN 4.06 : firefox Multiple Vulnerabilities (NS-SA-2021-0004) | Nessus | NewStart CGSL Local Security Checks | critical |
| 147331 | NewStart CGSL MAIN 6.02 : thunderbird Multiple Vulnerabilities (NS-SA-2021-0056) | Nessus | NewStart CGSL Local Security Checks | high |
| 147312 | NewStart CGSL MAIN 4.06 : thunderbird Multiple Vulnerabilities (NS-SA-2021-0002) | Nessus | NewStart CGSL Local Security Checks | critical |
| 146025 | CentOS 8 : firefox (CESA-2020:2828) | Nessus | CentOS Local Security Checks | high |
| 144001 | NewStart CGSL CORE 5.04 / MAIN 5.04 : thunderbird Multiple Vulnerabilities (NS-SA-2020-0083) | Nessus | NewStart CGSL Local Security Checks | high |
| 143966 | NewStart CGSL CORE 5.04 / MAIN 5.04 : firefox Multiple Vulnerabilities (NS-SA-2020-0081) | Nessus | NewStart CGSL Local Security Checks | high |
| 139041 | RHEL 8 : thunderbird (RHSA-2020:3038) | Nessus | Red Hat Local Security Checks | high |
| 138976 | Oracle Linux 8 : thunderbird (ELSA-2020-3038) | Nessus | Oracle Linux Local Security Checks | high |
| 138933 | GLSA-202007-10 : Mozilla Firefox: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 138932 | GLSA-202007-09 : Mozilla Thunderbird: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 138857 | Amazon Linux 2 : thunderbird (ALAS-2020-1468) | Nessus | Amazon Linux Local Security Checks | high |
| 138811 | RHEL 8 : thunderbird (RHSA-2020:3046) | Nessus | Red Hat Local Security Checks | high |
| 138786 | openSUSE Security Update : MozillaFirefox (openSUSE-2020-1017) | Nessus | SuSE Local Security Checks | high |
| 138747 | openSUSE Security Update : MozillaFirefox (openSUSE-2020-983) | Nessus | SuSE Local Security Checks | high |
| 138746 | openSUSE Security Update : MozillaThunderbird (openSUSE-2020-982) | Nessus | SuSE Local Security Checks | high |
| 138742 | openSUSE Security Update : MozillaThunderbird (openSUSE-2020-967) | Nessus | SuSE Local Security Checks | high |
| 138662 | Oracle Linux 6 : thunderbird (ELSA-2020-2966) | Nessus | Oracle Linux Local Security Checks | high |
| 138589 | Mozilla Thunderbird < 78.0 | Nessus | Windows | high |
| 138588 | Mozilla Thunderbird < 78.0 | Nessus | MacOS X Local Security Checks | high |
| 138586 | Scientific Linux Security Update : thunderbird on SL6.x i386/x86_64 (20200716) | Nessus | Scientific Linux Local Security Checks | high |
| 138559 | RHEL 6 : thunderbird (RHSA-2020:2966) | Nessus | Red Hat Local Security Checks | high |
| 138494 | SUSE SLES12 Security Update : MozillaFirefox (SUSE-SU-2020:1899-1) | Nessus | SuSE Local Security Checks | high |
| 138493 | SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2020:1898-1) | Nessus | SuSE Local Security Checks | high |
| 138489 | Scientific Linux Security Update : thunderbird on SL7.x x86_64 (20200714) | Nessus | Scientific Linux Local Security Checks | high |
| 138487 | Oracle Linux 7 : thunderbird (ELSA-2020-2906) | Nessus | Oracle Linux Local Security Checks | high |
| 138450 | RHEL 8 : thunderbird (RHSA-2020:2907) | Nessus | Red Hat Local Security Checks | high |
| 138447 | RHEL 7 : thunderbird (RHSA-2020:2906) | Nessus | Red Hat Local Security Checks | high |
| 138378 | CentOS 6 : firefox (CESA-2020:2824) | Nessus | CentOS Local Security Checks | high |
| 138377 | CentOS 7 : firefox (CESA-2020:2827) | Nessus | CentOS Local Security Checks | high |
| 138326 | Ubuntu 16.04 LTS / 18.04 LTS / 19.10 / 20.04 : Thunderbird vulnerabilities (USN-4421-1) | Nessus | Ubuntu Local Security Checks | high |
| 138246 | Oracle Linux 8 : firefox (ELSA-2020-2828) | Nessus | Oracle Linux Local Security Checks | high |
| 138206 | Scientific Linux Security Update : firefox on SL7.x x86_64 (20200707) | Nessus | Scientific Linux Local Security Checks | high |
| 138205 | Scientific Linux Security Update : firefox on SL6.x i386/x86_64 (20200707) | Nessus | Scientific Linux Local Security Checks | high |
| 138204 | Oracle Linux 7 : firefox (ELSA-2020-2827) | Nessus | Oracle Linux Local Security Checks | high |
| 138203 | Oracle Linux 6 : firefox (ELSA-2020-2824) | Nessus | Oracle Linux Local Security Checks | high |
| 138145 | RHEL 6 : firefox (RHSA-2020:2824) | Nessus | Red Hat Local Security Checks | high |
| 138144 | RHEL 7 : firefox (RHSA-2020:2827) | Nessus | Red Hat Local Security Checks | high |
| 138143 | RHEL 8 : firefox (RHSA-2020:2828) | Nessus | Red Hat Local Security Checks | high |
| 138142 | RHEL 8 : firefox (RHSA-2020:2826) | Nessus | Red Hat Local Security Checks | high |
| 138141 | RHEL 8 : firefox (RHSA-2020:2825) | Nessus | Red Hat Local Security Checks | high |
| 138133 | Ubuntu 16.04 LTS / 18.04 LTS / 19.10 / 20.04 : Firefox vulnerabilities (USN-4408-1) | Nessus | Ubuntu Local Security Checks | high |
| 138107 | Debian DSA-4718-1 : thunderbird - security update | Nessus | Debian Local Security Checks | high |
| 138096 | Mozilla Thunderbird < 68.10.0 | Nessus | Windows | high |
| 138095 | Mozilla Thunderbird < 68.10.0 | Nessus | MacOS X Local Security Checks | high |
| 138085 | Mozilla Firefox < 78.0 | Nessus | Windows | high |
| 138084 | Mozilla Firefox < 78.0 | Nessus | MacOS X Local Security Checks | high |
| 138083 | Mozilla Firefox ESR < 68.10 | Nessus | Windows | high |
| 138082 | Mozilla Firefox ESR < 68.10 | Nessus | MacOS X Local Security Checks | high |
| 138065 | Debian DSA-4713-1 : firefox-esr - security update | Nessus | Debian Local Security Checks | high |