CVE-2020-15667: High severity Firefox vulnerability
When processing a MAR update file, after the signature has been validated, an invalid name length could result in a heap overflow, leading to memory corruption and potentially arbitrary code execution. Within Firefox as released by Mozilla, this issue is only exploitable with the Mozilla-controlled signing key.
Frequently Asked Questions
What is CVE-2020-15667?
CVE-2020-15667 is a vulnerability in Mozilla Firefox that could lead to memory corruption and potentially arbitrary code execution.
How does CVE-2020-15667 occur?
CVE-2020-15667 occurs when processing a MAR update file after the signature has been validated, where an invalid name length could result in a heap overflow.
Is Mozilla Firefox affected by CVE-2020-15667?
Yes, Mozilla Firefox up to version 80.0 is affected by CVE-2020-15667.
What is the severity of CVE-2020-15667?
CVE-2020-15667 has a high severity rating with a CVSS score of 8.8.
What is the CWE ID of CVE-2020-15667?
The CWE ID of CVE-2020-15667 is 787.