CVE-2020-15669

HIGH

Description

When aborting an operation, such as a fetch, an abort signal may be deleted while alerting the objects to be notified. This results in a use-after-free and we presume that with enough effort it could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.12 and Thunderbird < 68.12.

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1656957

https://www.mozilla.org/security/advisories/mfsa2020-37/

https://www.mozilla.org/security/advisories/mfsa2020-40/

Details

Source: MITRE

Published: 2020-10-01

Updated: 2020-10-02

Type: CWE-416

Risk Information

CVSS v2

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3

Base Score: 8.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 2.8

Severity: HIGH

Tenable Plugins

(44 total)

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 149335 | NewStart CGSL CORE 5.04 / MAIN 5.04 : thunderbird Multiple Vulnerabilities (NS-SA-2021-0025) | Nessus | NewStart CGSL Local Security Checks | high |
| 147407 | NewStart CGSL MAIN 4.06 : firefox Multiple Vulnerabilities (NS-SA-2021-0004) | Nessus | NewStart CGSL Local Security Checks | critical |
| 147331 | NewStart CGSL MAIN 6.02 : thunderbird Multiple Vulnerabilities (NS-SA-2021-0056) | Nessus | NewStart CGSL Local Security Checks | high |
| 147312 | NewStart CGSL MAIN 4.06 : thunderbird Multiple Vulnerabilities (NS-SA-2021-0002) | Nessus | NewStart CGSL Local Security Checks | critical |
| 147288 | NewStart CGSL CORE 5.04 / MAIN 5.04 : firefox Multiple Vulnerabilities (NS-SA-2021-0011) | Nessus | NewStart CGSL Local Security Checks | high |
| 147247 | NewStart CGSL MAIN 6.02 : firefox Multiple Vulnerabilities (NS-SA-2021-0052) | Nessus | NewStart CGSL Local Security Checks | high |
| 145909 | CentOS 8 : thunderbird (CESA-2020:3634) | Nessus | CentOS Local Security Checks | high |
| 145857 | CentOS 8 : firefox (CESA-2020:3557) | Nessus | CentOS Local Security Checks | high |
| 143033 | RHEL 8 : thunderbird (RHSA-2020:3633) | Nessus | Red Hat Local Security Checks | high |
| 141108 | Amazon Linux 2 : thunderbird (ALAS-2020-1496) | Nessus | Amazon Linux Local Security Checks | high |
| 140613 | Oracle Linux 7 : thunderbird (ELSA-2020-3631) | Nessus | Oracle Linux Local Security Checks | high |
| 140585 | CentOS 7 : thunderbird (CESA-2020:3631) | Nessus | CentOS Local Security Checks | high |
| 140584 | CentOS 6 : thunderbird (CESA-2020:3643) | Nessus | CentOS Local Security Checks | high |
| 140568 | Slackware 14.2 / current : mozilla-thunderbird (SSA:2020-256-01) | Nessus | Slackware Local Security Checks | high |
| 140510 | openSUSE Security Update : MozillaThunderbird (openSUSE-2020-1392) | Nessus | SuSE Local Security Checks | high |
| 140455 | Oracle Linux 6 : thunderbird (ELSA-2020-3643) | Nessus | Oracle Linux Local Security Checks | high |
| 140444 | openSUSE Security Update : MozillaThunderbird (openSUSE-2020-1383) | Nessus | SuSE Local Security Checks | high |
| 140441 | Scientific Linux Security Update : thunderbird on SL7.x x86_64 (20200908) | Nessus | Scientific Linux Local Security Checks | high |
| 140440 | Scientific Linux Security Update : thunderbird on SL6.x i386/x86_64 (20200908) | Nessus | Scientific Linux Local Security Checks | high |
| 140436 | Oracle Linux 7 : firefox (ELSA-2020-3556) | Nessus | Oracle Linux Local Security Checks | high |
| 140400 | RHEL 6 : thunderbird (RHSA-2020:3643) | Nessus | Red Hat Local Security Checks | high |
| 140395 | Oracle Linux 8 : thunderbird (ELSA-2020-3634) | Nessus | Oracle Linux Local Security Checks | high |
| 140394 | RHEL 8 : thunderbird (RHSA-2020:3634) | Nessus | Red Hat Local Security Checks | high |
| 140393 | RHEL 8 : thunderbird (RHSA-2020:3632) | Nessus | Red Hat Local Security Checks | high |
| 140389 | RHEL 7 : thunderbird (RHSA-2020:3631) | Nessus | Red Hat Local Security Checks | high |
| 140123 | CentOS 7 : firefox (CESA-2020:3556) | Nessus | CentOS Local Security Checks | high |
| 140119 | CentOS 6 : firefox (CESA-2020:3558) | Nessus | CentOS Local Security Checks | high |
| 140103 | Debian DLA-2360-1 : thunderbird security update | Nessus | Debian Local Security Checks | high |
| 140060 | Debian DSA-4754-1 : thunderbird - security update | Nessus | Debian Local Security Checks | high |
| 140042 | Oracle Linux 8 : firefox (ELSA-2020-3557) | Nessus | Oracle Linux Local Security Checks | high |
| 139928 | Debian DLA-2346-1 : firefox-esr security update | Nessus | Debian Local Security Checks | high |
| 139909 | Oracle Linux 6 : firefox (ELSA-2020-3558) | Nessus | Oracle Linux Local Security Checks | high |
| 139893 | Scientific Linux Security Update : firefox on SL6.x i386/x86_64 (20200826) | Nessus | Scientific Linux Local Security Checks | high |
| 139892 | GLSA-202008-16 : Mozilla Firefox, Mozilla Thunderbird: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 139877 | Debian DSA-4749-1 : firefox-esr - security update | Nessus | Debian Local Security Checks | high |
| 139870 | Mozilla Thunderbird < 68.12 | Nessus | Windows | high |
| 139869 | Mozilla Thunderbird < 68.12 | Nessus | MacOS X Local Security Checks | high |
| 139854 | RHEL 8 : firefox (RHSA-2020:3557) | Nessus | Red Hat Local Security Checks | high |
| 139851 | RHEL 8 : firefox (RHSA-2020:3559) | Nessus | Red Hat Local Security Checks | high |
| 139811 | RHEL 8 : firefox (RHSA-2020:3555) | Nessus | Red Hat Local Security Checks | high |
| 139810 | RHEL 6 : firefox (RHSA-2020:3558) | Nessus | Red Hat Local Security Checks | high |
| 139808 | RHEL 7 : firefox (RHSA-2020:3556) | Nessus | Red Hat Local Security Checks | high |
| 139787 | Mozilla Firefox ESR < 68.12 | Nessus | Windows | high |
| 139786 | Mozilla Firefox ESR < 68.12 | Nessus | MacOS X Local Security Checks | high |