PT-2020-5314 · Mozilla+6 · Firefox+8
Carl Smith
Published: 2020-07-28 · Updated: 2024-12-12
CVE-2020-15656
CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Firefox versions prior to 79
Firefox ESR versions prior to 78.1
Thunderbird versions prior to 78.1
Description
The issue lies in the browser's JIT optimization, where a lack of type control (type confusion) can allow unauthorized access to data. A remote attacker could potentially use it to access confidential data, compromise its integrity, and cause a denial of service. Specifically, JIT optimizations involving the JavaScript arguments object could confuse later optimizations, although various precautions in the code mitigate this risk.
Recommendations
For Firefox versions prior to 79, update to version 79 or later to resolve the issue.
For Firefox ESR versions prior to 78.1, update to version 78.1 or later to resolve the issue.
For Thunderbird versions prior to 78.1, update to version 78.1 or later to resolve the issue.
Fix
Type Confusion
Affected Products
ALT Linux
CentOS
Firefox
Firefox ESR
Linux Mint
Red Hat
SUSE
Thunderbird
Ubuntu