CVE-2020-15669: Use After Free
When aborting an operation, such as a fetch, an abort signal may be deleted while alerting the objects to be notified. This results in a use-after-free and we presume that with enough effort it could have been exploited to run arbitrary code.
Frequently Asked Questions
What is CVE-2020-15669?
CVE-2020-15669 is a use-after-free vulnerability in Firefox ESR < 68.12 and Thunderbird < 68.12, triggered when aborting an operation such as a fetch.
How severe is CVE-2020-15669?
CVE-2020-15669 has a severity score of 8.8 (high).
Which software versions are affected by CVE-2020-15669?
CVE-2020-15669 affects Firefox ESR versions earlier than 68.12 and Thunderbird versions earlier than 68.12.
How can CVE-2020-15669 be exploited?
With enough effort, CVE-2020-15669 could presumably be exploited to run arbitrary code.
How do I mitigate CVE-2020-15669?
To mitigate CVE-2020-15669, update to Firefox ESR version 68.12 or higher or Thunderbird version 68.12 or higher.