csaf_redhat - rhsa-2020

rhsa-2020_4317

Vulnerability from csaf_redhat

Published

2020-10-22 20:56

Modified

2024-09-16 04:55

Summary

Red Hat Security Advisory: firefox security update

Notes

Topic

An update for firefox is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.4.0 ESR. Security Fix(es): * Mozilla: Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4 (CVE-2020-15683) * chromium-browser: Use after free in WebRTC (CVE-2020-15969) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for firefox is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 78.4.0 ESR.\n\nSecurity Fix(es):\n\n* Mozilla: Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4 (CVE-2020-15683)\n\n* chromium-browser: Use after free in WebRTC (CVE-2020-15969)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2020:4317",
        "url": "https://access.redhat.com/errata/RHSA-2020:4317"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "1885885",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1885885"
      },
      {
        "category": "external",
        "summary": "1889932",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1889932"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2020/rhsa-2020_4317.json"
      }
    ],
    "title": "Red Hat Security Advisory: firefox security update",
    "tracking": {
      "current_release_date": "2024-09-16T04:55:25+00:00",
      "generator": {
        "date": "2024-09-16T04:55:25+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "3.33.3"
        }
      },
      "id": "RHSA-2020:4317",
      "initial_release_date": "2020-10-22T20:56:02+00:00",
      "revision_history": [
        {
          "date": "2020-10-22T20:56:02+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2020-10-22T20:56:02+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-09-16T04:55:25+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AppStream (v. 8)",
                "product": {
                  "name": "Red Hat Enterprise Linux AppStream (v. 8)",
                  "product_id": "AppStream-8.2.0.Z.MAIN.EUS",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "firefox-0:78.4.0-1.el8_2.s390x",
                "product": {
                  "name": "firefox-0:78.4.0-1.el8_2.s390x",
                  "product_id": "firefox-0:78.4.0-1.el8_2.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/firefox@78.4.0-1.el8_2?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "firefox-debugsource-0:78.4.0-1.el8_2.s390x",
                "product": {
                  "name": "firefox-debugsource-0:78.4.0-1.el8_2.s390x",
                  "product_id": "firefox-debugsource-0:78.4.0-1.el8_2.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/firefox-debugsource@78.4.0-1.el8_2?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "firefox-debuginfo-0:78.4.0-1.el8_2.s390x",
                "product": {
                  "name": "firefox-debuginfo-0:78.4.0-1.el8_2.s390x",
                  "product_id": "firefox-debuginfo-0:78.4.0-1.el8_2.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/firefox-debuginfo@78.4.0-1.el8_2?arch=s390x"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "firefox-0:78.4.0-1.el8_2.x86_64",
                "product": {
                  "name": "firefox-0:78.4.0-1.el8_2.x86_64",
                  "product_id": "firefox-0:78.4.0-1.el8_2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/firefox@78.4.0-1.el8_2?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "firefox-debugsource-0:78.4.0-1.el8_2.x86_64",
                "product": {
                  "name": "firefox-debugsource-0:78.4.0-1.el8_2.x86_64",
                  "product_id": "firefox-debugsource-0:78.4.0-1.el8_2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/firefox-debugsource@78.4.0-1.el8_2?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "firefox-debuginfo-0:78.4.0-1.el8_2.x86_64",
                "product": {
                  "name": "firefox-debuginfo-0:78.4.0-1.el8_2.x86_64",
                  "product_id": "firefox-debuginfo-0:78.4.0-1.el8_2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/firefox-debuginfo@78.4.0-1.el8_2?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "firefox-0:78.4.0-1.el8_2.ppc64le",
                "product": {
                  "name": "firefox-0:78.4.0-1.el8_2.ppc64le",
                  "product_id": "firefox-0:78.4.0-1.el8_2.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/firefox@78.4.0-1.el8_2?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "firefox-debugsource-0:78.4.0-1.el8_2.ppc64le",
                "product": {
                  "name": "firefox-debugsource-0:78.4.0-1.el8_2.ppc64le",
                  "product_id": "firefox-debugsource-0:78.4.0-1.el8_2.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/firefox-debugsource@78.4.0-1.el8_2?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "firefox-debuginfo-0:78.4.0-1.el8_2.ppc64le",
                "product": {
                  "name": "firefox-debuginfo-0:78.4.0-1.el8_2.ppc64le",
                  "product_id": "firefox-debuginfo-0:78.4.0-1.el8_2.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/firefox-debuginfo@78.4.0-1.el8_2?arch=ppc64le"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "firefox-0:78.4.0-1.el8_2.aarch64",
                "product": {
                  "name": "firefox-0:78.4.0-1.el8_2.aarch64",
                  "product_id": "firefox-0:78.4.0-1.el8_2.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/firefox@78.4.0-1.el8_2?arch=aarch64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "firefox-debugsource-0:78.4.0-1.el8_2.aarch64",
                "product": {
                  "name": "firefox-debugsource-0:78.4.0-1.el8_2.aarch64",
                  "product_id": "firefox-debugsource-0:78.4.0-1.el8_2.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/firefox-debugsource@78.4.0-1.el8_2?arch=aarch64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "firefox-debuginfo-0:78.4.0-1.el8_2.aarch64",
                "product": {
                  "name": "firefox-debuginfo-0:78.4.0-1.el8_2.aarch64",
                  "product_id": "firefox-debuginfo-0:78.4.0-1.el8_2.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/firefox-debuginfo@78.4.0-1.el8_2?arch=aarch64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "firefox-0:78.4.0-1.el8_2.src",
                "product": {
                  "name": "firefox-0:78.4.0-1.el8_2.src",
                  "product_id": "firefox-0:78.4.0-1.el8_2.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/firefox@78.4.0-1.el8_2?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "firefox-0:78.4.0-1.el8_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.2.0.Z.MAIN.EUS:firefox-0:78.4.0-1.el8_2.aarch64"
        },
        "product_reference": "firefox-0:78.4.0-1.el8_2.aarch64",
        "relates_to_product_reference": "AppStream-8.2.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "firefox-0:78.4.0-1.el8_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.2.0.Z.MAIN.EUS:firefox-0:78.4.0-1.el8_2.ppc64le"
        },
        "product_reference": "firefox-0:78.4.0-1.el8_2.ppc64le",
        "relates_to_product_reference": "AppStream-8.2.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "firefox-0:78.4.0-1.el8_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.2.0.Z.MAIN.EUS:firefox-0:78.4.0-1.el8_2.s390x"
        },
        "product_reference": "firefox-0:78.4.0-1.el8_2.s390x",
        "relates_to_product_reference": "AppStream-8.2.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "firefox-0:78.4.0-1.el8_2.src as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.2.0.Z.MAIN.EUS:firefox-0:78.4.0-1.el8_2.src"
        },
        "product_reference": "firefox-0:78.4.0-1.el8_2.src",
        "relates_to_product_reference": "AppStream-8.2.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "firefox-0:78.4.0-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.2.0.Z.MAIN.EUS:firefox-0:78.4.0-1.el8_2.x86_64"
        },
        "product_reference": "firefox-0:78.4.0-1.el8_2.x86_64",
        "relates_to_product_reference": "AppStream-8.2.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "firefox-debuginfo-0:78.4.0-1.el8_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.2.0.Z.MAIN.EUS:firefox-debuginfo-0:78.4.0-1.el8_2.aarch64"
        },
        "product_reference": "firefox-debuginfo-0:78.4.0-1.el8_2.aarch64",
        "relates_to_product_reference": "AppStream-8.2.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "firefox-debuginfo-0:78.4.0-1.el8_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.2.0.Z.MAIN.EUS:firefox-debuginfo-0:78.4.0-1.el8_2.ppc64le"
        },
        "product_reference": "firefox-debuginfo-0:78.4.0-1.el8_2.ppc64le",
        "relates_to_product_reference": "AppStream-8.2.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "firefox-debuginfo-0:78.4.0-1.el8_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.2.0.Z.MAIN.EUS:firefox-debuginfo-0:78.4.0-1.el8_2.s390x"
        },
        "product_reference": "firefox-debuginfo-0:78.4.0-1.el8_2.s390x",
        "relates_to_product_reference": "AppStream-8.2.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "firefox-debuginfo-0:78.4.0-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.2.0.Z.MAIN.EUS:firefox-debuginfo-0:78.4.0-1.el8_2.x86_64"
        },
        "product_reference": "firefox-debuginfo-0:78.4.0-1.el8_2.x86_64",
        "relates_to_product_reference": "AppStream-8.2.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "firefox-debugsource-0:78.4.0-1.el8_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.2.0.Z.MAIN.EUS:firefox-debugsource-0:78.4.0-1.el8_2.aarch64"
        },
        "product_reference": "firefox-debugsource-0:78.4.0-1.el8_2.aarch64",
        "relates_to_product_reference": "AppStream-8.2.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "firefox-debugsource-0:78.4.0-1.el8_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.2.0.Z.MAIN.EUS:firefox-debugsource-0:78.4.0-1.el8_2.ppc64le"
        },
        "product_reference": "firefox-debugsource-0:78.4.0-1.el8_2.ppc64le",
        "relates_to_product_reference": "AppStream-8.2.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "firefox-debugsource-0:78.4.0-1.el8_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.2.0.Z.MAIN.EUS:firefox-debugsource-0:78.4.0-1.el8_2.s390x"
        },
        "product_reference": "firefox-debugsource-0:78.4.0-1.el8_2.s390x",
        "relates_to_product_reference": "AppStream-8.2.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "firefox-debugsource-0:78.4.0-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.2.0.Z.MAIN.EUS:firefox-debugsource-0:78.4.0-1.el8_2.x86_64"
        },
        "product_reference": "firefox-debugsource-0:78.4.0-1.el8_2.x86_64",
        "relates_to_product_reference": "AppStream-8.2.0.Z.MAIN.EUS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "the Mozilla project"
          ]
        },
        {
          "names": [
            "Philipp",
            "Simon Giesecke",
            "Christian Holler",
            "Jason Kratzer"
          ],
          "summary": "Acknowledged by upstream."
        }
      ],
      "cve": "CVE-2020-15683",
      "cwe": {
        "id": "CWE-120",
        "name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
      },
      "discovery_date": "2020-10-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1889932"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Mozilla developers and community members reported memory safety bugs present in Firefox 81 and Firefox ESR 78.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR \u003c 78.4, Firefox \u003c 82, and Thunderbird \u003c 78.4.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Mozilla: Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.2.0.Z.MAIN.EUS:firefox-0:78.4.0-1.el8_2.aarch64",
          "AppStream-8.2.0.Z.MAIN.EUS:firefox-0:78.4.0-1.el8_2.ppc64le",
          "AppStream-8.2.0.Z.MAIN.EUS:firefox-0:78.4.0-1.el8_2.s390x",
          "AppStream-8.2.0.Z.MAIN.EUS:firefox-0:78.4.0-1.el8_2.src",
          "AppStream-8.2.0.Z.MAIN.EUS:firefox-0:78.4.0-1.el8_2.x86_64",
          "AppStream-8.2.0.Z.MAIN.EUS:firefox-debuginfo-0:78.4.0-1.el8_2.aarch64",
          "AppStream-8.2.0.Z.MAIN.EUS:firefox-debuginfo-0:78.4.0-1.el8_2.ppc64le",
          "AppStream-8.2.0.Z.MAIN.EUS:firefox-debuginfo-0:78.4.0-1.el8_2.s390x",
          "AppStream-8.2.0.Z.MAIN.EUS:firefox-debuginfo-0:78.4.0-1.el8_2.x86_64",
          "AppStream-8.2.0.Z.MAIN.EUS:firefox-debugsource-0:78.4.0-1.el8_2.aarch64",
          "AppStream-8.2.0.Z.MAIN.EUS:firefox-debugsource-0:78.4.0-1.el8_2.ppc64le",
          "AppStream-8.2.0.Z.MAIN.EUS:firefox-debugsource-0:78.4.0-1.el8_2.s390x",
          "AppStream-8.2.0.Z.MAIN.EUS:firefox-debugsource-0:78.4.0-1.el8_2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-15683"
        },
        {
          "category": "external",
          "summary": "RHBZ#1889932",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1889932"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-15683",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-15683"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-15683",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15683"
        },
        {
          "category": "external",
          "summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-46/#CVE-2020-15683",
          "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-46/#CVE-2020-15683"
        }
      ],
      "release_date": "2020-10-20T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
          "product_ids": [
            "AppStream-8.2.0.Z.MAIN.EUS:firefox-0:78.4.0-1.el8_2.aarch64",
            "AppStream-8.2.0.Z.MAIN.EUS:firefox-0:78.4.0-1.el8_2.ppc64le",
            "AppStream-8.2.0.Z.MAIN.EUS:firefox-0:78.4.0-1.el8_2.s390x",
            "AppStream-8.2.0.Z.MAIN.EUS:firefox-0:78.4.0-1.el8_2.src",
            "AppStream-8.2.0.Z.MAIN.EUS:firefox-0:78.4.0-1.el8_2.x86_64",
            "AppStream-8.2.0.Z.MAIN.EUS:firefox-debuginfo-0:78.4.0-1.el8_2.aarch64",
            "AppStream-8.2.0.Z.MAIN.EUS:firefox-debuginfo-0:78.4.0-1.el8_2.ppc64le",
            "AppStream-8.2.0.Z.MAIN.EUS:firefox-debuginfo-0:78.4.0-1.el8_2.s390x",
            "AppStream-8.2.0.Z.MAIN.EUS:firefox-debuginfo-0:78.4.0-1.el8_2.x86_64",
            "AppStream-8.2.0.Z.MAIN.EUS:firefox-debugsource-0:78.4.0-1.el8_2.aarch64",
            "AppStream-8.2.0.Z.MAIN.EUS:firefox-debugsource-0:78.4.0-1.el8_2.ppc64le",
            "AppStream-8.2.0.Z.MAIN.EUS:firefox-debugsource-0:78.4.0-1.el8_2.s390x",
            "AppStream-8.2.0.Z.MAIN.EUS:firefox-debugsource-0:78.4.0-1.el8_2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:4317"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.2.0.Z.MAIN.EUS:firefox-0:78.4.0-1.el8_2.aarch64",
            "AppStream-8.2.0.Z.MAIN.EUS:firefox-0:78.4.0-1.el8_2.ppc64le",
            "AppStream-8.2.0.Z.MAIN.EUS:firefox-0:78.4.0-1.el8_2.s390x",
            "AppStream-8.2.0.Z.MAIN.EUS:firefox-0:78.4.0-1.el8_2.src",
            "AppStream-8.2.0.Z.MAIN.EUS:firefox-0:78.4.0-1.el8_2.x86_64",
            "AppStream-8.2.0.Z.MAIN.EUS:firefox-debuginfo-0:78.4.0-1.el8_2.aarch64",
            "AppStream-8.2.0.Z.MAIN.EUS:firefox-debuginfo-0:78.4.0-1.el8_2.ppc64le",
            "AppStream-8.2.0.Z.MAIN.EUS:firefox-debuginfo-0:78.4.0-1.el8_2.s390x",
            "AppStream-8.2.0.Z.MAIN.EUS:firefox-debuginfo-0:78.4.0-1.el8_2.x86_64",
            "AppStream-8.2.0.Z.MAIN.EUS:firefox-debugsource-0:78.4.0-1.el8_2.aarch64",
            "AppStream-8.2.0.Z.MAIN.EUS:firefox-debugsource-0:78.4.0-1.el8_2.ppc64le",
            "AppStream-8.2.0.Z.MAIN.EUS:firefox-debugsource-0:78.4.0-1.el8_2.s390x",
            "AppStream-8.2.0.Z.MAIN.EUS:firefox-debugsource-0:78.4.0-1.el8_2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "Mozilla: Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4"
    },
    {
      "cve": "CVE-2020-15969",
      "discovery_date": "2020-10-07T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1885885"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "chromium-browser: Use after free in WebRTC",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.2.0.Z.MAIN.EUS:firefox-0:78.4.0-1.el8_2.aarch64",
          "AppStream-8.2.0.Z.MAIN.EUS:firefox-0:78.4.0-1.el8_2.ppc64le",
          "AppStream-8.2.0.Z.MAIN.EUS:firefox-0:78.4.0-1.el8_2.s390x",
          "AppStream-8.2.0.Z.MAIN.EUS:firefox-0:78.4.0-1.el8_2.src",
          "AppStream-8.2.0.Z.MAIN.EUS:firefox-0:78.4.0-1.el8_2.x86_64",
          "AppStream-8.2.0.Z.MAIN.EUS:firefox-debuginfo-0:78.4.0-1.el8_2.aarch64",
          "AppStream-8.2.0.Z.MAIN.EUS:firefox-debuginfo-0:78.4.0-1.el8_2.ppc64le",
          "AppStream-8.2.0.Z.MAIN.EUS:firefox-debuginfo-0:78.4.0-1.el8_2.s390x",
          "AppStream-8.2.0.Z.MAIN.EUS:firefox-debuginfo-0:78.4.0-1.el8_2.x86_64",
          "AppStream-8.2.0.Z.MAIN.EUS:firefox-debugsource-0:78.4.0-1.el8_2.aarch64",
          "AppStream-8.2.0.Z.MAIN.EUS:firefox-debugsource-0:78.4.0-1.el8_2.ppc64le",
          "AppStream-8.2.0.Z.MAIN.EUS:firefox-debugsource-0:78.4.0-1.el8_2.s390x",
          "AppStream-8.2.0.Z.MAIN.EUS:firefox-debugsource-0:78.4.0-1.el8_2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-15969"
        },
        {
          "category": "external",
          "summary": "RHBZ#1885885",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1885885"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-15969",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-15969"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-15969",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15969"
        },
        {
          "category": "external",
          "summary": "https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop.html",
          "url": "https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop.html"
        }
      ],
      "release_date": "2020-10-06T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
          "product_ids": [
            "AppStream-8.2.0.Z.MAIN.EUS:firefox-0:78.4.0-1.el8_2.aarch64",
            "AppStream-8.2.0.Z.MAIN.EUS:firefox-0:78.4.0-1.el8_2.ppc64le",
            "AppStream-8.2.0.Z.MAIN.EUS:firefox-0:78.4.0-1.el8_2.s390x",
            "AppStream-8.2.0.Z.MAIN.EUS:firefox-0:78.4.0-1.el8_2.src",
            "AppStream-8.2.0.Z.MAIN.EUS:firefox-0:78.4.0-1.el8_2.x86_64",
            "AppStream-8.2.0.Z.MAIN.EUS:firefox-debuginfo-0:78.4.0-1.el8_2.aarch64",
            "AppStream-8.2.0.Z.MAIN.EUS:firefox-debuginfo-0:78.4.0-1.el8_2.ppc64le",
            "AppStream-8.2.0.Z.MAIN.EUS:firefox-debuginfo-0:78.4.0-1.el8_2.s390x",
            "AppStream-8.2.0.Z.MAIN.EUS:firefox-debuginfo-0:78.4.0-1.el8_2.x86_64",
            "AppStream-8.2.0.Z.MAIN.EUS:firefox-debugsource-0:78.4.0-1.el8_2.aarch64",
            "AppStream-8.2.0.Z.MAIN.EUS:firefox-debugsource-0:78.4.0-1.el8_2.ppc64le",
            "AppStream-8.2.0.Z.MAIN.EUS:firefox-debugsource-0:78.4.0-1.el8_2.s390x",
            "AppStream-8.2.0.Z.MAIN.EUS:firefox-debugsource-0:78.4.0-1.el8_2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:4317"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.2.0.Z.MAIN.EUS:firefox-0:78.4.0-1.el8_2.aarch64",
            "AppStream-8.2.0.Z.MAIN.EUS:firefox-0:78.4.0-1.el8_2.ppc64le",
            "AppStream-8.2.0.Z.MAIN.EUS:firefox-0:78.4.0-1.el8_2.s390x",
            "AppStream-8.2.0.Z.MAIN.EUS:firefox-0:78.4.0-1.el8_2.src",
            "AppStream-8.2.0.Z.MAIN.EUS:firefox-0:78.4.0-1.el8_2.x86_64",
            "AppStream-8.2.0.Z.MAIN.EUS:firefox-debuginfo-0:78.4.0-1.el8_2.aarch64",
            "AppStream-8.2.0.Z.MAIN.EUS:firefox-debuginfo-0:78.4.0-1.el8_2.ppc64le",
            "AppStream-8.2.0.Z.MAIN.EUS:firefox-debuginfo-0:78.4.0-1.el8_2.s390x",
            "AppStream-8.2.0.Z.MAIN.EUS:firefox-debuginfo-0:78.4.0-1.el8_2.x86_64",
            "AppStream-8.2.0.Z.MAIN.EUS:firefox-debugsource-0:78.4.0-1.el8_2.aarch64",
            "AppStream-8.2.0.Z.MAIN.EUS:firefox-debugsource-0:78.4.0-1.el8_2.ppc64le",
            "AppStream-8.2.0.Z.MAIN.EUS:firefox-debugsource-0:78.4.0-1.el8_2.s390x",
            "AppStream-8.2.0.Z.MAIN.EUS:firefox-debugsource-0:78.4.0-1.el8_2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "chromium-browser: Use after free in WebRTC"
    }
  ]
}

cve-2020-15683

Vulnerability from cvelistv5

Published

2020-10-22 20:32

Modified

2024-08-04 13:22

Severity

Summary

Mozilla developers and community members reported memory safety bugs present in Firefox 81 and Firefox ESR 78.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.4, Firefox < 82, and Thunderbird < 78.4.

References

URL	Tags
https://www.mozilla.org/security/advisories/mfsa2020-45/	x_refsource_MISC
https://www.mozilla.org/security/advisories/mfsa2020-47/	x_refsource_MISC
https://www.mozilla.org/security/advisories/mfsa2020-46/	x_refsource_MISC
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1576843%2C1656987%2C1660954%2C1662760%2C1663439%2C1666140	x_refsource_MISC
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00057.html	vendor-advisory, x_refsource_SUSE
https://www.debian.org/security/2020/dsa-4780	vendor-advisory, x_refsource_DEBIAN
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00062.html	vendor-advisory, x_refsource_SUSE
https://lists.debian.org/debian-lts-announce/2020/10/msg00027.html	mailing-list, x_refsource_MLIST
https://security.gentoo.org/glsa/202010-08	vendor-advisory, x_refsource_GENTOO
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00074.html	vendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00077.html	vendor-advisory, x_refsource_SUSE

Impacted products

Vendor	Product
Mozilla	Firefox ESR
Mozilla	Firefox
Mozilla	Thunderbird

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T13:22:30.658Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2020-45/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2020-47/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2020-46/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1576843%2C1656987%2C1660954%2C1662760%2C1663439%2C1666140"
          },
          {
            "name": "openSUSE-SU-2020:1732",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00057.html"
          },
          {
            "name": "DSA-4780",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4780"
          },
          {
            "name": "openSUSE-SU-2020:1748",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00062.html"
          },
          {
            "name": "[debian-lts-announce] 20201027 [SECURITY] [DLA 2416-1] thunderbird security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00027.html"
          },
          {
            "name": "GLSA-202010-08",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202010-08"
          },
          {
            "name": "openSUSE-SU-2020:1780",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00074.html"
          },
          {
            "name": "openSUSE-SU-2020:1785",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00077.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "78.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "82",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "78.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Mozilla developers and community members reported memory safety bugs present in Firefox 81 and Firefox ESR 78.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR \u003c 78.4, Firefox \u003c 82, and Thunderbird \u003c 78.4."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-31T15:06:08",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.mozilla.org/security/advisories/mfsa2020-45/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.mozilla.org/security/advisories/mfsa2020-47/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.mozilla.org/security/advisories/mfsa2020-46/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1576843%2C1656987%2C1660954%2C1662760%2C1663439%2C1666140"
        },
        {
          "name": "openSUSE-SU-2020:1732",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00057.html"
        },
        {
          "name": "DSA-4780",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4780"
        },
        {
          "name": "openSUSE-SU-2020:1748",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00062.html"
        },
        {
          "name": "[debian-lts-announce] 20201027 [SECURITY] [DLA 2416-1] thunderbird security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00027.html"
        },
        {
          "name": "GLSA-202010-08",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202010-08"
        },
        {
          "name": "openSUSE-SU-2020:1780",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00074.html"
        },
        {
          "name": "openSUSE-SU-2020:1785",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00077.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@mozilla.org",
          "ID": "CVE-2020-15683",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Firefox ESR",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "78.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Firefox",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "82"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Thunderbird",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "78.4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Mozilla"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Mozilla developers and community members reported memory safety bugs present in Firefox 81 and Firefox ESR 78.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR \u003c 78.4, Firefox \u003c 82, and Thunderbird \u003c 78.4."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2020-45/",
              "refsource": "MISC",
              "url": "https://www.mozilla.org/security/advisories/mfsa2020-45/"
            },
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2020-47/",
              "refsource": "MISC",
              "url": "https://www.mozilla.org/security/advisories/mfsa2020-47/"
            },
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2020-46/",
              "refsource": "MISC",
              "url": "https://www.mozilla.org/security/advisories/mfsa2020-46/"
            },
            {
              "name": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1576843%2C1656987%2C1660954%2C1662760%2C1663439%2C1666140",
              "refsource": "MISC",
              "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1576843%2C1656987%2C1660954%2C1662760%2C1663439%2C1666140"
            },
            {
              "name": "openSUSE-SU-2020:1732",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00057.html"
            },
            {
              "name": "DSA-4780",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4780"
            },
            {
              "name": "openSUSE-SU-2020:1748",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00062.html"
            },
            {
              "name": "[debian-lts-announce] 20201027 [SECURITY] [DLA 2416-1] thunderbird security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00027.html"
            },
            {
              "name": "GLSA-202010-08",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202010-08"
            },
            {
              "name": "openSUSE-SU-2020:1780",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00074.html"
            },
            {
              "name": "openSUSE-SU-2020:1785",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00077.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2020-15683",
    "datePublished": "2020-10-22T20:32:14",
    "dateReserved": "2020-07-10T00:00:00",
    "dateUpdated": "2024-08-04T13:22:30.658Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-15969

Vulnerability from cvelistv5

Published

2020-11-03 02:21

Modified

2024-08-04 13:30

Severity

Summary

Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

References

URL	Tags
https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop.html	x_refsource_MISC
https://crbug.com/1124659	x_refsource_MISC
http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00016.html	vendor-advisory, x_refsource_SUSE
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4GWCWNHTTYOH6HSFUXPGPBB6J6JYZHZE/	vendor-advisory, x_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/24QFL4C3AZKMFVL7LVSYMU2DNE5VVUGS/	vendor-advisory, x_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SC3U3H6AISVZB5PLZLLNF4HMQ4UFFL7M/	vendor-advisory, x_refsource_FEDORA
https://support.apple.com/kb/HT212009	x_refsource_CONFIRM
https://support.apple.com/kb/HT212011	x_refsource_CONFIRM
https://support.apple.com/kb/HT212005	x_refsource_CONFIRM
https://support.apple.com/kb/HT212003	x_refsource_CONFIRM
https://support.apple.com/kb/HT212007	x_refsource_CONFIRM
http://seclists.org/fulldisclosure/2020/Dec/27	mailing-list, x_refsource_FULLDISC
http://seclists.org/fulldisclosure/2020/Dec/30	mailing-list, x_refsource_FULLDISC
http://seclists.org/fulldisclosure/2020/Dec/24	mailing-list, x_refsource_FULLDISC
http://seclists.org/fulldisclosure/2020/Dec/26	mailing-list, x_refsource_FULLDISC
http://seclists.org/fulldisclosure/2020/Dec/29	mailing-list, x_refsource_FULLDISC
https://www.debian.org/security/2021/dsa-4824	vendor-advisory, x_refsource_DEBIAN
https://security.gentoo.org/glsa/202101-30	vendor-advisory, x_refsource_GENTOO

Impacted products

Vendor	Product
Google	Chrome

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T13:30:23.456Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://crbug.com/1124659"
          },
          {
            "name": "openSUSE-SU-2020:1829",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00016.html"
          },
          {
            "name": "FEDORA-2020-127d40f1ab",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4GWCWNHTTYOH6HSFUXPGPBB6J6JYZHZE/"
          },
          {
            "name": "FEDORA-2020-8aca25b5c8",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/24QFL4C3AZKMFVL7LVSYMU2DNE5VVUGS/"
          },
          {
            "name": "FEDORA-2020-4e8e48da22",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SC3U3H6AISVZB5PLZLLNF4HMQ4UFFL7M/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT212009"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT212011"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT212005"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT212003"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT212007"
          },
          {
            "name": "20201215 APPLE-SA-2020-12-14-5 watchOS 7.2",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2020/Dec/27"
          },
          {
            "name": "20201215 APPLE-SA-2020-12-14-8 Safari 14.0.2",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2020/Dec/30"
          },
          {
            "name": "20201215 APPLE-SA-2020-12-14-1 iOS 14.3 and iPadOS 14.3",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2020/Dec/24"
          },
          {
            "name": "20201215 APPLE-SA-2020-12-14-3 macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2020/Dec/26"
          },
          {
            "name": "20201215 APPLE-SA-2020-12-14-7 tvOS 14.3",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2020/Dec/29"
          },
          {
            "name": "DSA-4824",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2021/dsa-4824"
          },
          {
            "name": "GLSA-202101-30",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202101-30"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Chrome",
          "vendor": "Google",
          "versions": [
            {
              "lessThan": "86.0.4240.75",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Use after free",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-26T02:07:24",
        "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "shortName": "Chrome"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://crbug.com/1124659"
        },
        {
          "name": "openSUSE-SU-2020:1829",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00016.html"
        },
        {
          "name": "FEDORA-2020-127d40f1ab",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4GWCWNHTTYOH6HSFUXPGPBB6J6JYZHZE/"
        },
        {
          "name": "FEDORA-2020-8aca25b5c8",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/24QFL4C3AZKMFVL7LVSYMU2DNE5VVUGS/"
        },
        {
          "name": "FEDORA-2020-4e8e48da22",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SC3U3H6AISVZB5PLZLLNF4HMQ4UFFL7M/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/kb/HT212009"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/kb/HT212011"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/kb/HT212005"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/kb/HT212003"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/kb/HT212007"
        },
        {
          "name": "20201215 APPLE-SA-2020-12-14-5 watchOS 7.2",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2020/Dec/27"
        },
        {
          "name": "20201215 APPLE-SA-2020-12-14-8 Safari 14.0.2",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2020/Dec/30"
        },
        {
          "name": "20201215 APPLE-SA-2020-12-14-1 iOS 14.3 and iPadOS 14.3",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2020/Dec/24"
        },
        {
          "name": "20201215 APPLE-SA-2020-12-14-3 macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2020/Dec/26"
        },
        {
          "name": "20201215 APPLE-SA-2020-12-14-7 tvOS 14.3",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2020/Dec/29"
        },
        {
          "name": "DSA-4824",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2021/dsa-4824"
        },
        {
          "name": "GLSA-202101-30",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202101-30"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "chrome-cve-admin@google.com",
          "ID": "CVE-2020-15969",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Chrome",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "86.0.4240.75"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Google"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Use after free"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop.html",
              "refsource": "MISC",
              "url": "https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop.html"
            },
            {
              "name": "https://crbug.com/1124659",
              "refsource": "MISC",
              "url": "https://crbug.com/1124659"
            },
            {
              "name": "openSUSE-SU-2020:1829",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00016.html"
            },
            {
              "name": "FEDORA-2020-127d40f1ab",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4GWCWNHTTYOH6HSFUXPGPBB6J6JYZHZE/"
            },
            {
              "name": "FEDORA-2020-8aca25b5c8",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/24QFL4C3AZKMFVL7LVSYMU2DNE5VVUGS/"
            },
            {
              "name": "FEDORA-2020-4e8e48da22",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SC3U3H6AISVZB5PLZLLNF4HMQ4UFFL7M/"
            },
            {
              "name": "https://support.apple.com/kb/HT212009",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/kb/HT212009"
            },
            {
              "name": "https://support.apple.com/kb/HT212011",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/kb/HT212011"
            },
            {
              "name": "https://support.apple.com/kb/HT212005",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/kb/HT212005"
            },
            {
              "name": "https://support.apple.com/kb/HT212003",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/kb/HT212003"
            },
            {
              "name": "https://support.apple.com/kb/HT212007",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/kb/HT212007"
            },
            {
              "name": "20201215 APPLE-SA-2020-12-14-5 watchOS 7.2",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2020/Dec/27"
            },
            {
              "name": "20201215 APPLE-SA-2020-12-14-8 Safari 14.0.2",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2020/Dec/30"
            },
            {
              "name": "20201215 APPLE-SA-2020-12-14-1 iOS 14.3 and iPadOS 14.3",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2020/Dec/24"
            },
            {
              "name": "20201215 APPLE-SA-2020-12-14-3 macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2020/Dec/26"
            },
            {
              "name": "20201215 APPLE-SA-2020-12-14-7 tvOS 14.3",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2020/Dec/29"
            },
            {
              "name": "DSA-4824",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2021/dsa-4824"
            },
            {
              "name": "GLSA-202101-30",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202101-30"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
    "assignerShortName": "Chrome",
    "cveId": "CVE-2020-15969",
    "datePublished": "2020-11-03T02:21:27",
    "dateReserved": "2020-07-27T00:00:00",
    "dateUpdated": "2024-08-04T13:30:23.456Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Action not permitted

rhsa-2020_4317

Vulnerability from csaf_redhat

cve-2020-15683

Vulnerability from cvelistv5

cve-2020-15969

Vulnerability from cvelistv5

Tags