PT-2020-3494 · Mozilla+6 · Firefox+7

Looben Yang · Published 2020-05-05 · Updated 2024-12-12 · CVE-2020-12387

CVSS v3.1: 8.1 High
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Firefox ESR versions prior to 68.8
Firefox versions prior to 76
Thunderbird versions prior to 68.8.0

Description

A race condition when running shutdown code for Web Worker led to a use-after-free issue, resulting in a potentially exploitable crash. This could allow a remote attacker to cause a denial of service.

Recommendations

For Firefox ESR versions prior to 68.8, update to version 68.8 or later.
For Firefox versions prior to 76, update to version 76 or later.
For Thunderbird versions prior to 68.8.0, update to version 68.8.0 or later.

Exploit

Fix

Race Condition

Use After Free

Weakness Enumeration

Related Identifiers

ALT-PU-2020-1915
ALT-PU-2020-1916
ALT-PU-2020-1932
ALT-PU-2020-1933
ALT-PU-2020-1943
ALT-PU-2020-2408
ALT-PU-2020-2933
ALT-PU-2020-3442
ALT-PU-2021-1368
ALT-PU-2021-3368
BDU:2020-03820
CESA-2020_2031
CESA-2020_2036
CESA-2020_2037
CESA-2020_2046
CESA-2020_2049
CESA-2020_2050
CVE-2020-12387
DLA-2205-1
DLA-2206-1
DSA-4678-1
DSA-4683-1
MGASA-2020-0208
MGASA-2020-0209
OPENSUSE-SU-2020:0621-1
OPENSUSE-SU-2020:0643-1
OPENSUSE-SU-2020_0621-1
OPENSUSE-SU-2020_0643-1
OPENSUSE-SU-2024:10600-1
OPENSUSE-SU-2024:10601-1
OPENSUSE-SU-2024:14572-1
RHSA-2020:2031
RHSA-2020:2032
RHSA-2020:2033
RHSA-2020:2036
RHSA-2020:2037
RHSA-2020:2046
RHSA-2020:2047
RHSA-2020:2048
RHSA-2020:2049
RHSA-2020:2050
RHSA-2020_2031
RHSA-2020_2036
RHSA-2020_2037
RHSA-2020_2046
RHSA-2020_2049
RHSA-2020_2050
SUSE-SU-2020:1209-1
SUSE-SU-2020:1218-1
SUSE-SU-2020:1225-1
SUSE-SU-2020:14359-1
SUSE-SU-2020_1209-1
SUSE-SU-2020_1218-1
SUSE-SU-2020_1225-1
SUSE-SU-2020_14359-1
USN-4353-1
USN-4353-2
USN-4373-1

Affected Products

Alt Linux
Centos
Firefox
Linuxmint
Red Hat
Suse
Thunderbird
Ubuntu