PT-2020-4963 · Mozilla+6 · Firefox+8

Bharadwaj Machiraju

Published

2020-11-17

Updated

2024-12-12

CVE-2020-26959

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 83 Firefox ESR versions prior to 78.5 Thunderbird versions prior to 78.5

Description The issue is related to a use-after-free error in the WebRequestService component, which can lead to memory corruption and a potentially exploitable crash. This can occur during browser shutdown when reference decrementing happens on a previously freed object.

Recommendations For Firefox versions prior to 83, update to version 83 or later to resolve the issue. For Firefox ESR versions prior to 78.5, update to version 78.5 or later to resolve the issue. For Thunderbird versions prior to 78.5, update to version 78.5 or later to resolve the issue.

Exploit

Fix

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALT-PU-2020-3340

ALT-PU-2020-3379

ALT-PU-2020-3384

ALT-PU-2020-3386

ALT-PU-2020-3424

ALT-PU-2021-1368

ALT-PU-2021-1369

ALT-PU-2021-2725

ALT-PU-2021-2881

ALT-PU-2021-3368

ALT-PU-2021-3369

ALT-PU-2022-1781

ALT-PU-2022-1782

BDU:2020-05538

CESA-2020_5235

CESA-2020_5236

CESA-2020_5237

CESA-2020_5239

CVE-2020-26959

DLA-2457-1

DLA-2464-1

DSA-4793-1

DSA-4796-1

MGASA-2020-0427

MGASA-2020-0433

OESA-2023-1672

OESA-2023-1673

OESA-2023-1674

OPENSUSE-SU-2020:2020-1

OPENSUSE-SU-2020:2031-1

OPENSUSE-SU-2020:2096-1

OPENSUSE-SU-2020:2187-1

OPENSUSE-SU-2020:2315-1

OPENSUSE-SU-2020_2020-1

OPENSUSE-SU-2020_2031-1

OPENSUSE-SU-2020_2096-1

OPENSUSE-SU-2020_2187-1

OPENSUSE-SU-2020_2315-1

OPENSUSE-SU-2024:10600-1

OPENSUSE-SU-2024:10601-1

OPENSUSE-SU-2024:14572-1

RHSA-2020:5231

RHSA-2020:5232

RHSA-2020:5233

RHSA-2020:5234

RHSA-2020:5235

RHSA-2020:5236

RHSA-2020:5237

RHSA-2020:5238

RHSA-2020:5239

RHSA-2020:5240

RHSA-2020:5257

RHSA-2020:5314

RHSA-2020_5235

RHSA-2020_5236

RHSA-2020_5237

RHSA-2020_5238

RHSA-2020_5239

RHSA-2020_5257

SUSE-SU-2020:14548-1

SUSE-SU-2020:3383-1

SUSE-SU-2020:3458-1

SUSE-SU-2020:3528-1

SUSE-SU-2020:3548-1

SUSE-SU-2020_14548-1

USN-4637-1

USN-4637-2

USN-4647-1

Affected Products

Alt Linux

Centos

Firefox

Firefox Esr

Linuxmint

Red Hat

Suse

Thunderbird

Ubuntu

PT-2020-4963 · Mozilla+6 · Firefox+8

CVE-2020-26959

Weakness Enumeration

Related Identifiers

Affected Products

References · 2367