Lucene search

K
cvelistMozillaCVELIST:CVE-2020-26950
HistoryDec 09, 2020 - 12:19 a.m.

CVE-2020-26950

2020-12-0900:19:22
mozilla
www.cve.org
11
mcallgetproperty
unmet assumptions
exploitable
firefox
thunderbird

AI Score

8.3

Confidence

High

EPSS

0.916

Percentile

99.0%

In certain circumstances, the MCallGetProperty opcode can be emitted with unmet assumptions resulting in an exploitable use-after-free condition. This vulnerability affects Firefox < 82.0.3, Firefox ESR < 78.4.1, and Thunderbird < 78.4.2.

CNA Affected

[
  {
    "product": "Firefox",
    "vendor": "Mozilla",
    "versions": [
      {
        "status": "affected",
        "version": "< 82.0.3"
      }
    ]
  },
  {
    "product": "Firefox ESR",
    "vendor": "Mozilla",
    "versions": [
      {
        "status": "affected",
        "version": "< 78.4.1"
      }
    ]
  },
  {
    "product": "Thunderbird",
    "vendor": "Mozilla",
    "versions": [
      {
        "status": "affected",
        "version": "< 78.4.2"
      }
    ]
  }
]