Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2020-26974

Опубликовано: 07 янв. 2021
Источник: debian

Описание

When flex-basis was used on a table wrapper, a StyleGenericFlexBasis object could have been incorrectly cast to the wrong type. This resulted in a heap user-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
firefoxfixed84.0-1package
firefox-esrfixed78.6.0esr-1package
thunderbirdfixed1:78.6.0-1package

Примечания

  • https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-26974

  • https://www.mozilla.org/en-US/security/advisories/mfsa2020-55/#CVE-2020-26974

  • https://www.mozilla.org/en-US/security/advisories/mfsa2020-56/#CVE-2020-26974

Связанные уязвимости

ubuntu логотип

CVE-2020-26974

CVSS3: 8.8
ubuntu
около 5 лет назад

When flex-basis was used on a table wrapper, a StyleGenericFlexBasis object could have been incorrectly cast to the wrong type. This resulted in a heap user-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.

redhat логотип

CVE-2020-26974

CVSS3: 8.8
redhat
около 5 лет назад

When flex-basis was used on a table wrapper, a StyleGenericFlexBasis object could have been incorrectly cast to the wrong type. This resulted in a heap user-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.

nvd логотип

CVE-2020-26974

CVSS3: 8.8
nvd
около 5 лет назад

When flex-basis was used on a table wrapper, a StyleGenericFlexBasis object could have been incorrectly cast to the wrong type. This resulted in a heap user-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.

github логотип

GHSA-gr4h-9jxj-93vm

github
больше 3 лет назад

When flex-basis was used on a table wrapper, a StyleGenericFlexBasis object could have been incorrectly cast to the wrong type. This resulted in a heap user-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.

oracle-oval логотип

ELSA-2020-5624-1

oracle-oval
около 5 лет назад

ELSA-2020-5624-1: thunderbird security update (IMPORTANT)