{"api_version":"1","generated_at":"2026-04-23T15:09:06+00:00","cve":"CVE-2020-12407","urls":{"html":"https://cve.report/CVE-2020-12407","api":"https://cve.report/api/cve/CVE-2020-12407.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2020-12407","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2020-12407"},"summary":{"title":"CVE-2020-12407","description":"Mozilla Developer Nicolas Silva found that when using WebRender, Firefox would under certain conditions leak arbitrary GPU memory to the visible screen. The leaked memory content was visible to the user, but not observable from web content. This vulnerability affects Firefox < 77.","state":"PUBLIC","assigner":"security@mozilla.org","published_at":"2020-07-09 15:15:00","updated_at":"2021-07-21 11:39:00"},"problem_types":["CWE-125"],"metrics":[],"references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1637112","name":"https://bugzilla.mozilla.org/show_bug.cgi?id=1637112","refsource":"MISC","tags":["Issue Tracking","Permissions Required","Vendor Advisory"],"title":"Access Denied","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.mozilla.org/security/advisories/mfsa2020-20/","name":"https://www.mozilla.org/security/advisories/mfsa2020-20/","refsource":"MISC","tags":["Vendor Advisory"],"title":"Security Vulnerabilities fixed in Firefox 77 — Mozilla","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2020-12407","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-12407","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2020","cve_id":"12407","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"12407","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2020-12407","qid":"500950","title":"Alpine Linux Security Update for firefox"},{"cve":"CVE-2020-12407","qid":"503835","title":"Alpine Linux Security Update for firefox"}]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2020-12407","ASSIGNER":"security@mozilla.org","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"Mozilla","product":{"product_data":[{"product_name":"Firefox","version":{"version_data":[{"version_value":"77","version_affected":"<"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"WebRender leaking GPU memory when using border-image CSS directive"}]}]},"references":{"reference_data":[{"url":"https://www.mozilla.org/security/advisories/mfsa2020-20/","refsource":"MISC","name":"https://www.mozilla.org/security/advisories/mfsa2020-20/"},{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1637112","refsource":"MISC","name":"https://bugzilla.mozilla.org/show_bug.cgi?id=1637112"}]},"description":{"description_data":[{"lang":"eng","value":"Mozilla Developer Nicolas Silva found that when using WebRender, Firefox would under certain conditions leak arbitrary GPU memory to the visible screen. The leaked memory content was visible to the user, but not observable from web content. This vulnerability affects Firefox < 77."}]}},"nvd":{"publishedDate":"2020-07-09 15:15:00","lastModifiedDate":"2021-07-21 11:39:00","problem_types":["CWE-125"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":6.5,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.8,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:H/Au:N/C:P/I:N/A:N","accessVector":"NETWORK","accessComplexity":"HIGH","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":2.6},"severity":"LOW","exploitabilityScore":4.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","versionEndExcluding":"77.0","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2020","CveId":"12407","Ordinal":"173567","Title":"CVE-2020-12407","CVE":"CVE-2020-12407","Year":"2020"},"notes":[{"CveYear":"2020","CveId":"12407","Ordinal":"1","NoteData":"Mozilla Developer Nicolas Silva found that when using WebRender, Firefox would under certain conditions leak arbitrary GPU memory to the visible screen. The leaked memory content was visible to the user, but not observable from web content. This vulnerability affects Firefox < 77.","Type":"Description","Title":null},{"CveYear":"2020","CveId":"12407","Ordinal":"2","NoteData":"2020-07-09","Type":"Other","Title":"Published"},{"CveYear":"2020","CveId":"12407","Ordinal":"3","NoteData":"2020-07-09","Type":"Other","Title":"Modified"}]}}}