9.3

CVE-2020-15659

Mozilla developers and community members reported memory safety bugs present in Firefox 78 and Firefox ESR 78.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 79, Firefox ESR < 68.11, Firefox ESR < 78.1, Thunderbird < 68.11, and Thunderbird < 78.1.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MozillaFirefox Version < 79.0
MozillaFirefox ESR Version < 68.11
MozillaFirefox ESR Version >= 78.0 < 78.1.0
MozillaThunderbird Version < 68.11
MozillaThunderbird Version >= 78.0.1 < 78.1.0
OpensuseLeap Version15.1
OpensuseLeap Version15.2
CanonicalUbuntu Linux Version16.04 SwEditionlts
CanonicalUbuntu Linux Version18.04 SwEditionlts
CanonicalUbuntu Linux Version20.04 SwEditionlts
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.4% 0.819
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00022.html
Patch
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00025.html
Patch
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00032.html
Patch
Third Party Advisory
Mailing List
https://usn.ubuntu.com/4443-1/
Patch
Third Party Advisory
https://www.mozilla.org/security/advisories/mfsa2020-31/
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2020-30/
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2020-32/
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2020-33/
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2020-35/
Vendor Advisory
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1550133%2C1633880%2C1643613%2C1644839%2C1645835%2C1646006%2C1646787%2C1649347%2C1650811%2C1651678
Vendor Advisory
Issue Tracking
Permissions Required