Vulnerability CVE-2020-15683: Information

Description

Mozilla developers and community members reported memory safety bugs present in Firefox 81 and Firefox ESR 78.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.4, Firefox < 82, and Thunderbird < 78.4.

Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2020-15683

Published: Oct. 23, 2020

Modified: April 28, 2022

Error type identifier: CWE-787, CWE-416

Fixed packages

Package name	Branch	Fixed in version	Version from repository	Errata ID	Task #	State
firefox	sisyphus	82.0-alt1	127.0-alt1	ALT-PU-2020-3120-1	260224	Fixed
firefox	p10	82.0-alt1	118.0.2-alt0.p10.1	ALT-PU-2020-3120-1	260224	Fixed
firefox	p9	82.0.3-alt0.1.p9	105.0.1-alt0.c9.1	ALT-PU-2021-1152-1	264322	Fixed
firefox	c10f1	82.0-alt1	112.0.2-alt0.p10.1	ALT-PU-2020-3120-1	260224	Fixed
firefox	c9f2	93.0-alt0.p9.1	105.0.1-alt0.c9.1	ALT-PU-2021-3368-1	288792	Fixed
firefox	p11	82.0-alt1	126.0.1-alt1	ALT-PU-2020-3120-1	260224	Fixed
firefox-esr	sisyphus	78.4.0-alt1	115.11.0-alt1	ALT-PU-2020-3115-1	260143	Fixed
firefox-esr	p10	91.1.0-alt1	115.11.0-alt1	ALT-PU-2021-2881-1	284980	Fixed
firefox-esr	p9	78.4.0-alt0.1.p9	102.11.0-alt0.c9.1	ALT-PU-2020-3134-1	260258	Fixed
firefox-esr	c10f1	91.1.0-alt1	115.9.1-alt0.c10.1	ALT-PU-2021-2881-1	284980	Fixed
firefox-esr	c9f2	91.3.0-alt1.c9.1	102.12.0-alt0.c9.1	ALT-PU-2021-3369-1	288792	Fixed
firefox-esr	p11	78.4.0-alt1	115.11.0-alt1	ALT-PU-2020-3115-1	260143	Fixed
thunderbird	sisyphus	78.4.0-alt1	115.9.0-alt1	ALT-PU-2020-3118-1	260202	Fixed
thunderbird	p10	78.4.0-alt1	115.9.0-alt1	ALT-PU-2020-3118-1	260202	Fixed
thunderbird	p9	78.4.0-alt1	102.11.0-alt0.c9.1	ALT-PU-2020-3143-1	260277	Fixed
thunderbird	c10f1	78.4.0-alt1	115.9.0-alt0.c10.1	ALT-PU-2020-3118-1	260202	Fixed
thunderbird	c9f2	78.7.0-alt0.1.c9	102.11.0-alt0.c9.1	ALT-PU-2021-1369-1	264611	Fixed
thunderbird	p11	78.4.0-alt1	115.9.0-alt1	ALT-PU-2020-3118-1	260202	Fixed

References to Advisories, Solutions, and Tools

Hyperlink	Resource
https://www.mozilla.org/security/advisories/mfsa2020-45/	Release Notes Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2020-46/	Release Notes Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2020-47/	Release Notes Vendor Advisory
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1576843%2C1656987%2C1660954%2C1662760%2C1663439%2C1666140	Broken Link Issue Tracking Vendor Advisory
DSA-4780	Third Party Advisory
openSUSE-SU-2020:1732	Mailing List Third Party Advisory
openSUSE-SU-2020:1748	Mailing List Third Party Advisory
[debian-lts-announce] 20201027 [SECURITY] [DLA 2416-1] thunderbird security update	Mailing List Third Party Advisory
GLSA-202010-08	Third Party Advisory
openSUSE-SU-2020:1785	Mailing List Third Party Advisory
openSUSE-SU-2020:1780	Mailing List Third Party Advisory

Affected configurations:
1. Configuration 1
  cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
  End excliding
  78.4
  cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
  End excliding
  78.4
  cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
  End excliding
  82.0
  
  Configuration 2
  cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
  cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
  
  Configuration 3
  cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
  cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*

Version: v24.5.3

Vulnerability CVE-2020-15683: Information

Description

Fixed packages

References to Advisories, Solutions, and Tools

Configuration 1

Configuration 2

Configuration 3