CVE-2020-15683
Summary
| CVE | CVE-2020-15683 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-10-22 21:15:00 UTC |
| Updated | 2022-04-28 18:24:00 UTC |
| Description | Mozilla developers and community members reported memory safety bugs present in Firefox 81 and Firefox ESR 78.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.4, Firefox < 82, and Thunderbird < 78.4. |
Risk And Classification
Problem Types: CWE-787 | CWE-416
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Debian | Debian Linux | 10.0 | All | All | All |
| Operating System | Debian | Debian Linux | 9.0 | All | All | All |
| Operating System | Debian | Debian Linux | 10.0 | All | All | All |
| Operating System | Debian | Debian Linux | 9.0 | All | All | All |
| Application | Mozilla | Firefox | All | All | All | All |
| Application | Mozilla | Firefox | All | All | All | All |
| Application | Mozilla | Firefox Esr | All | All | All | All |
| Application | Mozilla | Firefox Esr | All | All | All | All |
| Application | Mozilla | Thunderbird | All | All | All | All |
| Application | Mozilla | Thunderbird | All | All | All | All |
| Operating System | Opensuse | Leap | 15.1 | All | All | All |
| Operating System | Opensuse | Leap | 15.2 | All | All | All |
| Operating System | Opensuse | Leap | 15.1 | All | All | All |
| Operating System | Opensuse | Leap | 15.2 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Security Vulnerabilities fixed in Thunderbird 78.4 — Mozilla | MISC | www.mozilla.org | Release Notes, Vendor Advisory |
| Security Vulnerabilities fixed in Firefox ESR 78.4 — Mozilla | MISC | www.mozilla.org | Release Notes, Vendor Advisory |
| [security-announce] openSUSE-SU-2020:1785-1: important: Security update | SUSE | lists.opensuse.org | |
| Debian -- Security Information -- DSA-4780-1 thunderbird | DEBIAN | www.debian.org | Third Party Advisory |
| [security-announce] openSUSE-SU-2020:1732-1: important: Security update | SUSE | lists.opensuse.org | Third Party Advisory |
| [security-announce] openSUSE-SU-2020:1748-1: important: Security update | SUSE | lists.opensuse.org | Third Party Advisory |
| [SECURITY] [DLA 2416-1] thunderbird security update | MLIST | lists.debian.org | Third Party Advisory |
| Security Vulnerabilities fixed in Firefox 82 — Mozilla | MISC | www.mozilla.org | Release Notes, Vendor Advisory |
| [security-announce] openSUSE-SU-2020:1780-1: important: Security update | SUSE | lists.opensuse.org | |
| Bug List | MISC | bugzilla.mozilla.org | Broken Link, Issue Tracking, Vendor Advisory |
| Mozilla Firefox, Mozilla Thunderbird: Multiple vulnerabilities (GLSA 202010-08) — Gentoo security | GENTOO | security.gentoo.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 296070 Oracle Solaris 11.4 Support Repository Update (SRU) 28.82.3 Missing (CPUOCT2020)
- 500937 Alpine Linux Security Update for firefox-esr
- 500955 Alpine Linux Security Update for firefox
- 502376 Alpine Linux Security Update for thunderbird
- 503840 Alpine Linux Security Update for firefox
- 504804 Alpine Linux Security Update for firefox-esr
- 505444 Alpine Linux Security Update for thunderbird