CVE-2020-15673high
Description
Mozilla developers reported memory safety bugs present in Firefox 80 and Firefox ESR 78.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firefox ESR < 78.3.
References
https://www.mozilla.org/security/advisories/mfsa2020-42/
https://www.mozilla.org/security/advisories/mfsa2020-43/
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1648493%2C1660800
https://www.mozilla.org/security/advisories/mfsa2020-44/
https://www.debian.org/security/2020/dsa-4770
https://lists.debian.org/debian-lts-announce/2020/10/msg00020.html
https://security.gentoo.org/glsa/202010-02
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00077.html
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00074.html
Details
Source: MITRE
Published: 2020-10-01
Updated: 2022-04-28
Type: CWE-416
Risk Information
CVSS v2
Base Score: 6.8
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact Score: 6.4
Exploitability Score: 8.6
Severity: MEDIUM
CVSS v3
Base Score: 8.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Impact Score: 5.9
Exploitability Score: 2.8
Severity: HIGH