HIGH🇬🇧 English

CVE-2020-12417

CVSS 8.8v3.1pub. 2020-07-09upd. 2024-11-21

Due to confusion about ValueTags on JavaScript Objects, an object may pass through the type barrier, resulting in memory corruption and a potentially exploitable crash. *Note: this issue only affects Firefox on ARM64 platforms.* This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  • Canonical Ubuntu

    OS
    Canonical
    16.0418.0419.1020.04
  • Mozilla Firefox

    APP
    Mozilla
    < 78.0
  • Mozilla Firefox Esr

    APP
    Mozilla
    < 68.10.0
  • Mozilla Thunderbird

    APP
    Mozilla
    < 68.10.0
  • Opensuse Leap

    OS
    Opensuse
    15.115.2
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2025-32463CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Sudo: eskalacja uprawnień do root poprzez opcję --chroot (CVE-2025-32463)

CVE-2024-9680CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Use-after-free w Animation timelines Firefox/Thunderbird — RCE

CVE-2022-26486CRITICAL9.6⚠ KEVten sam produkt

An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escap...

CVE-2022-0543CRITICAL10.0⚠ KEVten sam produkt

It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debia...

CVE-2020-16846CRITICAL9.8⚠ KEVten sam produkt

An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the...