PT-2020-16566 · Mozilla+6 · Firefox+8

Freddy

+2

·

Published

2020-11-09

·

Updated

2024-12-12

·

CVE-2020-26950

CVSS v2.0

9.3

High

VectorAV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 82.0.3 Firefox ESR versions prior to 78.4.1 Thunderbird versions prior to 78.4.2
Description The issue is related to the MCallGetProperty opcode being emitted with unmet assumptions, resulting in an exploitable use-after-free condition. This can lead to accessing already freed memory, which is suitable for creating a working exploit. The problem is associated with the incorrect usage of the MCallGetProperty operation code.
Recommendations For Firefox versions prior to 82.0.3, update to version 82.0.3 or later. For Firefox ESR versions prior to 78.4.1, update to version 78.4.1 or later. For Thunderbird versions prior to 78.4.2, update to version 78.4.2 or later.

Exploit

Fix

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALT-PU-2020-3254
ALT-PU-2020-3257
ALT-PU-2020-3263
ALT-PU-2020-3267
ALT-PU-2020-3338
ALT-PU-2021-1152
ALT-PU-2021-1368
ALT-PU-2021-1369
ALT-PU-2021-2725
ALT-PU-2021-2881
ALT-PU-2021-3368
ALT-PU-2021-3369
ALT-PU-2022-1781
CESA-2020_5099
CESA-2020_5100
CESA-2020_5146
CVE-2020-26950
DLA-2448-1
DLA-2449-1
DSA-4788-1
DSA-4790-1
MGASA-2020-0421
OESA-2023-1673
OESA-2023-1674
OESA-2024-1562
OESA-2024-1563
OPENSUSE-SU-2020:1909-1
OPENSUSE-SU-2020:1919-1
OPENSUSE-SU-2020:2022-1
OPENSUSE-SU-2020:2133-1
OPENSUSE-SU-2020_1909-1
OPENSUSE-SU-2020_1919-1
OPENSUSE-SU-2020_2022-1
OPENSUSE-SU-2020_2133-1
OPENSUSE-SU-2024:10600-1
OPENSUSE-SU-2024:10601-1
OPENSUSE-SU-2024:14572-1
RHSA-2020:5099
RHSA-2020:5100
RHSA-2020:5104
RHSA-2020:5135
RHSA-2020:5138
RHSA-2020:5139
RHSA-2020:5146
RHSA-2020:5162
RHSA-2020:5163
RHSA-2020:5164
RHSA-2020:5166
RHSA-2020:5167
RHSA-2020_5099
RHSA-2020_5100
RHSA-2020_5104
RHSA-2020_5146
RHSA-2020_5163
RHSA-2020_5164
SUSE-SU-2020:14542-1
SUSE-SU-2020:3311-1
SUSE-SU-2020:3312-1
SUSE-SU-2020:3331-1
SUSE-SU-2020:3418-1
SUSE-SU-2020_14542-1
SUSE-SU-2020_3311-1
SUSE-SU-2020_3312-1
SUSE-SU-2020_3331-1
USN-4625-1
USN-4647-1

Affected Products

Alt Linux
Centos
Firefox
Firefox Esr
Linuxmint
Red Hat
Suse
Thunderbird
Ubuntu