Mozilla developers reported memory safety bugs present in Firefox 80 and Firefox ESR 78.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firefox ESR < 78.3.
https://www.mozilla.org/security/advisories/mfsa2020-42/
https://www.mozilla.org/security/advisories/mfsa2020-43/
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1648493%2C1660800
https://www.mozilla.org/security/advisories/mfsa2020-44/
https://www.debian.org/security/2020/dsa-4770
https://lists.debian.org/debian-lts-announce/2020/10/msg00020.html
https://security.gentoo.org/glsa/202010-02
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00077.html
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00074.html
Source: MITRE
Published: 2020-10-01
Updated: 2022-04-28
Type: CWE-416
Base Score: 6.8
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact Score: 6.4
Exploitability Score: 8.6
Severity: MEDIUM
Base Score: 8.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Impact Score: 5.9
Exploitability Score: 2.8
Severity: HIGH