Lucene search

K
cvelistMozillaCVELIST:CVE-2020-12406
HistoryJul 09, 2020 - 2:45 p.m.

CVE-2020-12406

2020-07-0914:45:21
mozilla
www.cve.org
7
mozilla
developer
missing type check
arbitrary code execution
thunderbird
firefox esr

AI Score

8.5

Confidence

High

EPSS

0.003

Percentile

70.1%

Mozilla Developer Iain Ireland discovered a missing type check during unboxed objects removal, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.

CNA Affected

[
  {
    "product": "Thunderbird",
    "vendor": "Mozilla",
    "versions": [
      {
        "lessThan": "68.9.0",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Firefox",
    "vendor": "Mozilla",
    "versions": [
      {
        "lessThan": "77",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Firefox ESR",
    "vendor": "Mozilla",
    "versions": [
      {
        "lessThan": "68.9",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]