Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2020-15678

Опубликовано: 22 сент. 2020
Источник: redhat
CVSS3: 8.8
EPSS Низкий

Описание

When recursing through graphical layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free. This occurs because the function APZCTreeManager::ComputeClippedCompositionBounds did not follow iterator invalidation rules. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firefox ESR < 78.3.

The Mozilla Foundation Security Advisory describes this flaw as: When recursing through graphical layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free. This occurs because the function APZCTreeManager::ComputeClippedCompositionBounds did not follow iterator invalidation rules.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5firefoxOut of support scope
Red Hat Enterprise Linux 5thunderbirdOut of support scope
Red Hat Enterprise Linux 6firefoxFixedRHSA-2020:383524.09.2020
Red Hat Enterprise Linux 6thunderbirdFixedRHSA-2020:415801.10.2020
Red Hat Enterprise Linux 7firefoxFixedRHSA-2020:408030.09.2020
Red Hat Enterprise Linux 7thunderbirdFixedRHSA-2020:416301.10.2020
Red Hat Enterprise Linux 8firefoxFixedRHSA-2020:383224.09.2020
Red Hat Enterprise Linux 8thunderbirdFixedRHSA-2020:415501.10.2020
Red Hat Enterprise Linux 8.0 Update Services for SAP SolutionsfirefoxFixedRHSA-2020:383424.09.2020
Red Hat Enterprise Linux 8.0 Update Services for SAP SolutionsthunderbirdFixedRHSA-2020:415601.10.2020

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-416
https://bugzilla.redhat.com/show_bug.cgi?id=1881666Mozilla: When recursing through layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free scenario

EPSS

Процентиль: 74%
0.00869
Низкий

8.8 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2020-15678

CVSS3: 8.8
ubuntu
почти 5 лет назад

When recursing through graphical layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free. This occurs because the function APZCTreeManager::ComputeClippedCompositionBounds did not follow iterator invalidation rules. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firefox ESR < 78.3.

nvd логотип

CVE-2020-15678

CVSS3: 8.8
nvd
почти 5 лет назад

When recursing through graphical layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free. This occurs because the function APZCTreeManager::ComputeClippedCompositionBounds did not follow iterator invalidation rules. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firefox ESR < 78.3.

debian логотип

CVE-2020-15678

CVSS3: 8.8
debian
почти 5 лет назад

When recursing through graphical layers while scrolling, an iterator m ...

github логотип

GHSA-4rfx-gjvx-jp3h

CVSS3: 8.8
github
больше 3 лет назад

When recursing through graphical layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free. This occurs because the function APZCTreeManager::ComputeClippedCompositionBounds did not follow iterator invalidation rules. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firefox ESR < 78.3.

suse-cvrf логотип

openSUSE-SU-2020:1574-1

suse-cvrf
почти 5 лет назад

Security update for MozillaFirefox

EPSS

Процентиль: 74%
0.00869
Низкий

8.8 High

CVSS3