CVE-2020-15684: Use After Free

Q: What is the vulnerability ID?

The vulnerability ID is CVE-2020-15684.

Q: What is the severity rating of CVE-2020-15684?

CVE-2020-15684 has a severity rating of high (7).

Q: How can CVE-2020-15684 be exploited?

With enough effort, CVE-2020-15684 could have been exploited to run arbitrary code.

Q: How can I fix CVE-2020-15684?

To fix CVE-2020-15684, update your Firefox browser to version 82 or higher.

Published Oct 20, 2020

Updated

Mozilla developers Christian Holler, Sebastian Hengst, Bogdan Tara, and Tyson Smith reported memory safety bugs present in Firefox 81. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

Other sources

Mozilla developers reported memory safety bugs present in Firefox 81. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 82.

Affected Software

2 affected componentsFixes available

Mozilla Firefox<82

Mozilla Firefox<82.0

Event History

Oct 20, 2020

CVE Published

12:00 AM

Oct 22, 2020

CVE Published

via MITRE·08:31 PM

Data Sourced

via MITRE·08:31 PM

DescriptionWeakness

Parent advisories

This vulnerability appears in the following advisories.

MFSA2020-45

Peer vulnerabilities

Found alongside the following vulnerabilities.

Frequently Asked Questions

What is the vulnerability ID?

The vulnerability ID is CVE-2020-15684.

Who reported the memory safety bugs in Firefox 81?

Mozilla developers Christian Holler, Sebastian Hengst, Bogdan Tara, and Tyson Smith reported the memory safety bugs.

What is the severity rating of CVE-2020-15684?