Veracode Vulnerability Database, VERACODE:26516
History: Aug 31, 2020 - 3:45 a.m.

Heap Buffer Overflow

2020-08-31 03:45:48
sca.analysiscenter.veracode.com
firefox
buffer overflow
mar update

EPSS: 0.003 (percentile: 68.5%)

Firefox is vulnerable to a heap buffer overflow. When processing a MAR update file, after the signature has been validated, an invalid name length could result in a heap overflow, leading to memory corruption and potentially arbitrary code execution. Within Firefox as released by Mozilla, this issue is only exploitable with the Mozilla-controlled signing key.