When aborting an operation, such as a fetch, an abort signal may be deleted
while alerting the objects to be notified. This results in a use-after-free
and we presume that with enough effort it could have been exploited to run
arbitrary code. This vulnerability affects Firefox ESR < 68.12 and
Thunderbird < 68.12.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | thunderbird | < 1:78.8.1+build1-0ubuntu0.18.04.1 | UNKNOWN |
ubuntu | 20.04 | noarch | thunderbird | < 78.7.1+build1-0ubuntu0.20.04.1 | UNKNOWN |
launchpad.net/bugs/cve/CVE-2020-15669
nvd.nist.gov/vuln/detail/CVE-2020-15669
rhn.redhat.com/errata/RHSA-2020-3558.html
security-tracker.debian.org/tracker/CVE-2020-15669
www.cve.org/CVERecord?id=CVE-2020-15669
www.mozilla.org/en-US/security/advisories/mfsa2020-37/#CVE-2020-15669
www.mozilla.org/en-US/security/advisories/mfsa2020-40/#CVE-2020-15669