CVE-2020-15659

high
Description

Mozilla developers and community members reported memory safety bugs present in Firefox 78 and Firefox ESR 78.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 79, Firefox ESR < 68.11, Firefox ESR < 78.1, Thunderbird < 68.11, and Thunderbird < 78.1.

References

http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00022.html

http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00025.html

http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00032.html

https://bugzilla.mozilla.org/buglist.cgi?bug_id=1550133%2C1633880%2C1643613%2C1644839%2C1645835%2C1646006%2C1646787%2C1649347%2C1650811%2C1651678

https://usn.ubuntu.com/4443-1/

https://www.mozilla.org/security/advisories/mfsa2020-30/

https://www.mozilla.org/security/advisories/mfsa2020-31/

https://www.mozilla.org/security/advisories/mfsa2020-32/

https://www.mozilla.org/security/advisories/mfsa2020-33/

https://www.mozilla.org/security/advisories/mfsa2020-35/

Details

Source: MITRE

Published: 2020-08-10

Updated: 2020-08-21

Type: CWE-787

Risk Information

CVSS v2

Base Score: 9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 8.6

Severity: HIGH

CVSS v3

Base Score: 8.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 2.8

Severity: HIGH

Tenable Plugins

ID | Name | Product | Family | Severity
150564 | SUSE SLES11 Security Update : MozillaFirefox (SUSE-SU-2020:14456-1) | Nessus | SuSE Local Security Checks | high
147407 | NewStart CGSL MAIN 4.06 : firefox Multiple Vulnerabilities (NS-SA-2021-0004) | Nessus | NewStart CGSL Local Security Checks | critical
147390 | NewStart CGSL CORE 5.04 / MAIN 5.04 : firefox Multiple Vulnerabilities (NS-SA-2021-0007) | Nessus | NewStart CGSL Local Security Checks | high
147331 | NewStart CGSL MAIN 6.02 : thunderbird Multiple Vulnerabilities (NS-SA-2021-0056) | Nessus | NewStart CGSL Local Security Checks | high
147312 | NewStart CGSL MAIN 4.06 : thunderbird Multiple Vulnerabilities (NS-SA-2021-0002) | Nessus | NewStart CGSL Local Security Checks | critical
147292 | NewStart CGSL CORE 5.04 / MAIN 5.04 : thunderbird Multiple Vulnerabilities (NS-SA-2021-0006) | Nessus | NewStart CGSL Local Security Checks | high
147247 | NewStart CGSL MAIN 6.02 : firefox Multiple Vulnerabilities (NS-SA-2021-0052) | Nessus | NewStart CGSL Local Security Checks | high
145919 | CentOS 8 : firefox (CESA-2020:3241) | Nessus | CentOS Local Security Checks | high
145868 | CentOS 8 : thunderbird (CESA-2020:3341) | Nessus | CentOS Local Security Checks | high
140196 | Amazon Linux 2 : thunderbird (ALAS-2020-1487) | Nessus | Amazon Linux Local Security Checks | high
139648 | openSUSE Security Update : MozillaThunderbird (openSUSE-2020-1205) | Nessus | SuSE Local Security Checks | high
139562 | openSUSE Security Update : MozillaFirefox (openSUSE-2020-1189) | Nessus | SuSE Local Security Checks | high
139558 | openSUSE Security Update : MozillaThunderbird (openSUSE-2020-1179) | Nessus | SuSE Local Security Checks | high
139475 | Oracle Linux 6 : thunderbird (ELSA-2020-3345) | Nessus | Oracle Linux Local Security Checks | high
139474 | Oracle Linux 7 : thunderbird (ELSA-2020-3344) | Nessus | Oracle Linux Local Security Checks | high
139473 | Oracle Linux 8 : thunderbird (ELSA-2020-3341) | Nessus | Oracle Linux Local Security Checks | high
139444 | openSUSE Security Update : MozillaFirefox (openSUSE-2020-1155) | Nessus | SuSE Local Security Checks | high
139421 | CentOS 6 : thunderbird (CESA-2020:3345) | Nessus | CentOS Local Security Checks | high
139420 | CentOS 7 : firefox (CESA-2020:3253) | Nessus | CentOS Local Security Checks | high
139419 | CentOS 7 : thunderbird (CESA-2020:3344) | Nessus | CentOS Local Security Checks | high
139417 | CentOS 6 : firefox (CESA-2020:3233) | Nessus | CentOS Local Security Checks | high
139406 | SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2020:2147-1) | Nessus | SuSE Local Security Checks | high
139400 | Scientific Linux Security Update : thunderbird on SL7.x x86_64 (20200806) | Nessus | Scientific Linux Local Security Checks | high
139399 | Scientific Linux Security Update : thunderbird on SL6.x i386/x86_64 (20200806) | Nessus | Scientific Linux Local Security Checks | high
139376 | RHEL 6 : thunderbird (RHSA-2020:3345) | Nessus | Red Hat Local Security Checks | high
139360 | SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2020:2118-1) | Nessus | SuSE Local Security Checks | high
139356 | openSUSE Security Update : MozillaFirefox (openSUSE-2020-1147) | Nessus | SuSE Local Security Checks | high
139336 | RHEL 8 : thunderbird (RHSA-2020:3343) | Nessus | Red Hat Local Security Checks | high
139335 | RHEL 8 : thunderbird (RHSA-2020:3342) | Nessus | Red Hat Local Security Checks | high
139334 | RHEL 7 : thunderbird (RHSA-2020:3344) | Nessus | Red Hat Local Security Checks | high
139333 | RHEL 8 : thunderbird (RHSA-2020:3341) | Nessus | Red Hat Local Security Checks | high
139331 | RHEL 7 : firefox (RHSA-2020:3253) | Nessus | Red Hat Local Security Checks | high
139318 | Mozilla Thunderbird < 78.1 | Nessus | Windows | high
139317 | Mozilla Thunderbird < 78.1 | Nessus | MacOS X Local Security Checks | high
139300 | Scientific Linux Security Update : firefox on SL7.x x86_64 (20200730) | Nessus | Scientific Linux Local Security Checks | high
139282 | SUSE SLES12 Security Update : MozillaFirefox (SUSE-SU-2020:2100-1) | Nessus | SuSE Local Security Checks | high
139279 | Slackware 14.2 / current : mozilla-thunderbird (SSA:2020-213-01) | Nessus | Slackware Local Security Checks | high
139278 | Oracle Linux 7 : firefox (ELSA-2020-3253) | Nessus | Oracle Linux Local Security Checks | high
139277 | Oracle Linux 8 : firefox (ELSA-2020-3241) | Nessus | Oracle Linux Local Security Checks | high
139276 | Oracle Linux 6 : firefox (ELSA-2020-3233) | Nessus | Oracle Linux Local Security Checks | high
139272 | GLSA-202007-64 : Mozilla Thunderbird: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high
139255 | Debian DSA-4740-1 : thunderbird - security update | Nessus | Debian Local Security Checks | high
139253 | Debian DLA-2310-1 : thunderbird security update | Nessus | Debian Local Security Checks | high
139220 | Scientific Linux Security Update : firefox on SL6.x i386/x86_64 (20200730) | Nessus | Scientific Linux Local Security Checks | high
139210 | Debian DSA-4736-1 : firefox-esr - security update | Nessus | Debian Local Security Checks | high
139201 | RHEL 8 : firefox (RHSA-2020:3254) | Nessus | Red Hat Local Security Checks | high
139196 | RHEL 6 : firefox (RHSA-2020:3233) | Nessus | Red Hat Local Security Checks | high
139190 | RHEL 8 : firefox (RHSA-2020:3229) | Nessus | Red Hat Local Security Checks | high
139186 | RHEL 8 : firefox (RHSA-2020:3241) | Nessus | Red Hat Local Security Checks | high
139185 | Mozilla Thunderbird < 68.11 | Nessus | Windows | high
139184 | Mozilla Thunderbird < 68.11 | Nessus | MacOS X Local Security Checks | high
139182 | Ubuntu 16.04 LTS / 18.04 LTS / 20.04 : Firefox vulnerabilities (USN-4443-1) | Nessus | Ubuntu Local Security Checks | high
139123 | GLSA-202007-60 : Mozilla Firefox: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high
139097 | Debian DLA-2297-1 : firefox-esr security update | Nessus | Debian Local Security Checks | high
139074 | Mozilla Firefox ESR < 78.1 | Nessus | Windows | high
139073 | Mozilla Firefox ESR < 78.1 | Nessus | MacOS X Local Security Checks | high
139063 | Mozilla Firefox ESR < 68.11 | Nessus | Windows | high
139062 | Mozilla Firefox ESR < 68.11 | Nessus | MacOS X Local Security Checks | high
139040 | Mozilla Firefox < 79.0 | Nessus | Windows | high
139039 | Mozilla Firefox < 79.0 | Nessus | MacOS X Local Security Checks | high