CVE-2020-12417
09.07.2020, 15:15
Due to confusion about ValueTags on JavaScript Objects, an object may pass through the type barrier, resulting in memory corruption and a potentially exploitable crash. *Note: this issue only affects Firefox on ARM64 platforms.* This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0.Enginsight
| Vendor | Product | Version |
|---|---|---|
| mozilla | firefox | 𝑥 < 78.0 |
| mozilla | firefox_esr | 𝑥 < 68.10.0 |
| mozilla | thunderbird | 𝑥 < 68.10.0 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 18.04 |
| canonical | ubuntu_linux | 19.10 |
| canonical | ubuntu_linux | 20.04 |
| opensuse | leap | 15.1 |
| opensuse | leap | 15.2 |
𝑥
= Vulnerable software versions
Debian Releases
Debian Product | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| firefox |
| ||||||||||||
| firefox-esr |
| ||||||||||||
| thunderbird |
|
Ubuntu Releases
Ubuntu Product | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| firefox |
| ||||||||||||||||||||||||||
| firefox-esr |
| ||||||||||||||||||||||||||
| mozjs38 |
| ||||||||||||||||||||||||||
| mozjs52 |
| ||||||||||||||||||||||||||
| mozjs60 |
| ||||||||||||||||||||||||||
| mozjs68 |
| ||||||||||||||||||||||||||
| thunderbird |
|
Common Weakness Enumeration
References