CVE-2020-15657

Firefox could be made to load attacker-supplied DLL files from the installation directory. This required an attacker that is already capable of placing files in the installation directory. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 40%
Affected Products (NVD)
VendorProductVersion
mozillafirefox
𝑥
< 79.0
mozillafirefox_esr
𝑥
< 78.1
mozillathunderbird
𝑥
< 78.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
firefox
sid
132.0.1-1
fixed
thunderbird
bookworm
1:115.12.0-1~deb12u1
fixed
bookworm (security)
1:128.4.0esr-1~deb12u1
fixed
bullseye
1:115.12.0-1~deb11u1
fixed
bullseye (security)
1:128.4.0esr-1~deb11u1
fixed
sid
1:128.4.0esr-1
fixed
trixie
1:128.4.0esr-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
firefox
bionic
not-affected
focal
not-affected
trusty
dne
xenial
not-affected
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
MozillaFirefox
suse enterprise desktop 15 SP1
78.1.0-3.100.2
fixed
suse enterprise desktop 15 SP2
78.1.0-8.3.1
fixed
suse enterprise desktop 15 SP3
78.1.0-8.3.1
fixed
suse enterprise desktop 15 SP4
78.1.0-8.3.1
fixed
suse enterprise desktop 15 SP5
78.1.0-8.3.1
fixed
suse enterprise desktop 15 SP6
78.1.0-8.3.1
fixed
suse enterprise desktop 15 SP7
78.1.0-8.3.1
fixed
suse enterprise sap 12 SP2
78.1.0-112.8.1
fixed
suse enterprise sap 12 SP3
78.1.0-112.8.1
fixed
suse enterprise sap 12 SP4
78.1.0-112.8.1
fixed
suse enterprise sap 12 SP5
78.1.0-112.8.1
fixed
suse enterprise sap 15 SP1
78.1.0-3.100.2
fixed
suse enterprise sap 15 SP2
78.1.0-8.3.1
fixed
suse enterprise sap 15 SP3
78.1.0-8.3.1
fixed
suse enterprise sap 15 SP4
78.1.0-8.3.1
fixed
suse enterprise sap 15 SP5
78.1.0-8.3.1
fixed
suse enterprise sap 15 SP6
78.1.0-8.3.1
fixed
suse enterprise sap 15 SP7
78.1.0-8.3.1
fixed
suse enterprise server 12 SP2
78.1.0-112.8.1
fixed
suse enterprise server 12 SP3
78.1.0-112.8.1
fixed
suse enterprise server 12 SP4
78.1.0-112.8.1
fixed
suse enterprise server 12 SP5
78.1.0-112.8.1
fixed
suse enterprise server 15 SP1
78.1.0-3.100.2
fixed
suse enterprise server 15 SP2
78.1.0-8.3.1
fixed
suse enterprise server 15 SP3
78.1.0-8.3.1
fixed
suse enterprise server 15 SP4
78.1.0-8.3.1
fixed
suse enterprise server 15 SP5
78.1.0-8.3.1
fixed
suse enterprise server 15 SP6
78.1.0-8.3.1
fixed
suse enterprise server 15 SP7
78.1.0-8.3.1
fixed
MozillaFirefox-branding-SLE-78
suse enterprise desktop 15 SP2
9.2.4
fixed
suse enterprise desktop 15 SP3
9.2.4
fixed
suse enterprise desktop 15 SP4
9.2.4
fixed
suse enterprise desktop 15 SP5
9.2.4
fixed
suse enterprise desktop 15 SP6
9.2.4
fixed
suse enterprise desktop 15 SP7
9.2.4
fixed
suse enterprise sap 15 SP2
9.2.4
fixed
suse enterprise sap 15 SP3
9.2.4
fixed
suse enterprise sap 15 SP4
9.2.4
fixed
suse enterprise sap 15 SP5
9.2.4
fixed
suse enterprise sap 15 SP6
9.2.4
fixed
suse enterprise sap 15 SP7
9.2.4
fixed
suse enterprise server 15 SP2
9.2.4
fixed
suse enterprise server 15 SP3
9.2.4
fixed
suse enterprise server 15 SP4
9.2.4
fixed
suse enterprise server 15 SP5
9.2.4
fixed
suse enterprise server 15 SP6
9.2.4
fixed
suse enterprise server 15 SP7
9.2.4
fixed
MozillaFirefox-devel
suse enterprise desktop 15 SP1
78.1.0-3.100.2
fixed
suse enterprise desktop 15 SP2
78.1.0-8.3.1
fixed
suse enterprise desktop 15 SP3
78.1.0-8.3.1
fixed
suse enterprise desktop 15 SP4
78.1.0-8.3.1
fixed
suse enterprise desktop 15 SP5
78.1.0-8.3.1
fixed
suse enterprise desktop 15 SP6
78.1.0-8.3.1
fixed
suse enterprise desktop 15 SP7
78.1.0-8.3.1
fixed
suse enterprise sap 12 SP2
78.1.0-112.8.1
fixed
suse enterprise sap 12 SP3
78.1.0-112.8.1
fixed
suse enterprise sap 12 SP4
78.1.0-112.8.1
fixed
suse enterprise sap 12 SP5
78.1.0-112.8.1
fixed
suse enterprise sap 15 SP1
78.1.0-3.100.2
fixed
suse enterprise sap 15 SP2
78.1.0-8.3.1
fixed
suse enterprise sap 15 SP3
78.1.0-8.3.1
fixed
suse enterprise sap 15 SP4
78.1.0-8.3.1
fixed
suse enterprise sap 15 SP5
78.1.0-8.3.1
fixed
suse enterprise sap 15 SP6
78.1.0-8.3.1
fixed
suse enterprise sap 15 SP7
78.1.0-8.3.1
fixed
suse enterprise server 12 SP2
78.1.0-112.8.1
fixed
suse enterprise server 12 SP3
78.1.0-112.8.1
fixed
suse enterprise server 12 SP4
78.1.0-112.8.1
fixed
suse enterprise server 12 SP5
78.1.0-112.8.1
fixed
suse enterprise server 15 SP1
78.1.0-3.100.2
fixed
suse enterprise server 15 SP2
78.1.0-8.3.1
fixed
suse enterprise server 15 SP3
78.1.0-8.3.1
fixed
suse enterprise server 15 SP4
78.1.0-8.3.1
fixed
suse enterprise server 15 SP5
78.1.0-8.3.1
fixed
suse enterprise server 15 SP6
78.1.0-8.3.1
fixed
suse enterprise server 15 SP7
78.1.0-8.3.1
fixed
MozillaFirefox-translations-common
suse enterprise desktop 15 SP1
78.1.0-3.100.2
fixed
suse enterprise desktop 15 SP2
78.1.0-8.3.1
fixed
suse enterprise desktop 15 SP3
78.1.0-8.3.1
fixed
suse enterprise desktop 15 SP4
78.1.0-8.3.1
fixed
suse enterprise desktop 15 SP5
78.1.0-8.3.1
fixed
suse enterprise desktop 15 SP6
78.1.0-8.3.1
fixed
suse enterprise desktop 15 SP7
78.1.0-8.3.1
fixed
suse enterprise sap 12 SP2
78.1.0-112.8.1
fixed
suse enterprise sap 12 SP3
78.1.0-112.8.1
fixed
suse enterprise sap 12 SP4
78.1.0-112.8.1
fixed
suse enterprise sap 12 SP5
78.1.0-112.8.1
fixed
suse enterprise sap 15 SP1
78.1.0-3.100.2
fixed
suse enterprise sap 15 SP2
78.1.0-8.3.1
fixed
suse enterprise sap 15 SP3
78.1.0-8.3.1
fixed
suse enterprise sap 15 SP4
78.1.0-8.3.1
fixed
suse enterprise sap 15 SP5
78.1.0-8.3.1
fixed
suse enterprise sap 15 SP6
78.1.0-8.3.1
fixed
suse enterprise sap 15 SP7
78.1.0-8.3.1
fixed
suse enterprise server 12 SP2
78.1.0-112.8.1
fixed
suse enterprise server 12 SP3
78.1.0-112.8.1
fixed
suse enterprise server 12 SP4
78.1.0-112.8.1
fixed
suse enterprise server 12 SP5
78.1.0-112.8.1
fixed
suse enterprise server 15 SP1
78.1.0-3.100.2
fixed
suse enterprise server 15 SP2
78.1.0-8.3.1
fixed
suse enterprise server 15 SP3
78.1.0-8.3.1
fixed
suse enterprise server 15 SP4
78.1.0-8.3.1
fixed
suse enterprise server 15 SP5
78.1.0-8.3.1
fixed
suse enterprise server 15 SP6
78.1.0-8.3.1
fixed
suse enterprise server 15 SP7
78.1.0-8.3.1
fixed
MozillaFirefox-translations-other
suse enterprise desktop 15 SP1
78.1.0-3.100.2
fixed
suse enterprise desktop 15 SP2
78.1.0-8.3.1
fixed
suse enterprise desktop 15 SP3
78.1.0-8.3.1
fixed
suse enterprise desktop 15 SP4
78.1.0-8.3.1
fixed
suse enterprise desktop 15 SP5
78.1.0-8.3.1
fixed
suse enterprise desktop 15 SP6
78.1.0-8.3.1
fixed
suse enterprise desktop 15 SP7
78.1.0-8.3.1
fixed
suse enterprise sap 15 SP1
78.1.0-3.100.2
fixed
suse enterprise sap 15 SP2
78.1.0-8.3.1
fixed
suse enterprise sap 15 SP3
78.1.0-8.3.1
fixed
suse enterprise sap 15 SP4
78.1.0-8.3.1
fixed
suse enterprise sap 15 SP5
78.1.0-8.3.1
fixed
suse enterprise sap 15 SP6
78.1.0-8.3.1
fixed
suse enterprise sap 15 SP7
78.1.0-8.3.1
fixed
suse enterprise server 15 SP1
78.1.0-3.100.2
fixed
suse enterprise server 15 SP2
78.1.0-8.3.1
fixed
suse enterprise server 15 SP3
78.1.0-8.3.1
fixed
suse enterprise server 15 SP4
78.1.0-8.3.1
fixed
suse enterprise server 15 SP5
78.1.0-8.3.1
fixed
suse enterprise server 15 SP6
78.1.0-8.3.1
fixed
suse enterprise server 15 SP7
78.1.0-8.3.1
fixed
libpipewire-0_3-0
suse enterprise desktop 15 SP2
0.3.6-3.3.2
fixed
suse enterprise sap 15 SP2
0.3.6-3.3.2
fixed
suse enterprise server 15 SP2
0.3.6-3.3.2
fixed
pipewire
suse enterprise desktop 15 SP2
0.3.6-3.3.2
fixed
suse enterprise sap 15 SP2
0.3.6-3.3.2
fixed
suse enterprise server 15 SP2
0.3.6-3.3.2
fixed
pipewire-modules
suse enterprise desktop 15 SP2
0.3.6-3.3.2
fixed
suse enterprise sap 15 SP2
0.3.6-3.3.2
fixed
suse enterprise server 15 SP2
0.3.6-3.3.2
fixed
pipewire-spa-plugins-0_2
suse enterprise desktop 15 SP2
0.3.6-3.3.2
fixed
suse enterprise sap 15 SP2
0.3.6-3.3.2
fixed
suse enterprise server 15 SP2
0.3.6-3.3.2
fixed
pipewire-spa-tools
suse enterprise desktop 15 SP2
0.3.6-3.3.2
fixed
suse enterprise sap 15 SP2
0.3.6-3.3.2
fixed
suse enterprise server 15 SP2
0.3.6-3.3.2
fixed
pipewire-tools
suse enterprise desktop 15 SP2
0.3.6-3.3.2
fixed
suse enterprise sap 15 SP2
0.3.6-3.3.2
fixed
suse enterprise server 15 SP2
0.3.6-3.3.2
fixed
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00025.html
https://bugzilla.mozilla.org/show_bug.cgi?id=1644954
https://www.mozilla.org/security/advisories/mfsa2020-30/
https://www.mozilla.org/security/advisories/mfsa2020-32/
https://www.mozilla.org/security/advisories/mfsa2020-33/
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00025.html
https://bugzilla.mozilla.org/show_bug.cgi?id=1644954
https://www.mozilla.org/security/advisories/mfsa2020-30/
https://www.mozilla.org/security/advisories/mfsa2020-32/
https://www.mozilla.org/security/advisories/mfsa2020-33/