CVE-2020-26960

Опубликовано: 17 нояб. 2020

Источник: redhat

CVSS3: 8.8

EPSS Низкий

Описание

If the Compact() method was called on an nsTArray, the array could have been reallocated without updating other pointers, leading to a potential use-after-free and exploitable crash. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 5	firefox	Out of support scope
Red Hat Enterprise Linux 6	thunderbird	Fixed	RHSA-2020:5238	30.11.2020
Red Hat Enterprise Linux 6	firefox	Fixed	RHSA-2020:5257	30.11.2020
Red Hat Enterprise Linux 7	thunderbird	Fixed	RHSA-2020:5235	30.11.2020
Red Hat Enterprise Linux 7	firefox	Fixed	RHSA-2020:5239	30.11.2020
Red Hat Enterprise Linux 8	thunderbird	Fixed	RHSA-2020:5236	30.11.2020
Red Hat Enterprise Linux 8	firefox	Fixed	RHSA-2020:5237	30.11.2020
Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions	thunderbird	Fixed	RHSA-2020:5240	30.11.2020
Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions	firefox	Fixed	RHSA-2020:5314	01.12.2020
Red Hat Enterprise Linux 8.1 Extended Update Support	thunderbird	Fixed	RHSA-2020:5231	30.11.2020

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-416

https://bugzilla.redhat.com/show_bug.cgi?id=1898737Mozilla: Potential use-after-free in uses of nsTArray

EPSS

Процентиль: 71%

0.00665

Низкий

8.8 High

CVSS3

Связанные уязвимости

CVE-2020-26960

CVSS3: 8.8

ubuntu

около 5 лет назад

CVE-2020-26960

CVSS3: 8.8

nvd

около 5 лет назад

CVE-2020-26960

CVSS3: 8.8

debian

около 5 лет назад

If the Compact() method was called on an nsTArray, the array could hav ...

GHSA-jmp9-fm29-29mr

github

больше 3 лет назад

ELSA-2020-5257

oracle-oval

около 5 лет назад

ELSA-2020-5257: firefox security update (IMPORTANT)

EPSS

Процентиль: 71%

0.00665

Низкий

8.8 High

CVSS3