CVSS: 9.3EPSS: 0%CPEs: 9EXPL: 1CVE-2020-12420 – Mozilla: Use-After-Free when trying to connect to a STUN server
https://notcve.org/view.php?id=CVE-2020-12420
This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0. ... Esta vulnerabilidad afecta a Firefox ESR versiones anteriores a 68.10, Firefox versiones anteriores a 78 y Thunderbird versiones anteriores a 68.10.0 The Mozilla Foundation Security Advisory describes this flaw as: When trying to connect to a STUN server, a race condition could have caused a use-after-free of a pointer, leading to memory corruption and a potentially exploitable crash. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00049.html https://bugzilla.mozilla.org/show_bug.cgi?id=1643437 https://security.gentoo.org/glsa/202007-09 https://security.gentoo.org/glsa/202007-10 https://usn.ubuntu.com/4421-1 https://www.mozilla. • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 9.3EPSS: 0%CPEs: 3EXPL: 1CVE-2020-12426
https://notcve.org/view.php?id=CVE-2020-12426
Mozilla developers and community members reported memory safety bugs present in Firefox 77. ... This vulnerability affects Firefox < 78. Los desarrolladores de Mozilla y los miembros de la comunidad reportaron bugs de seguridad de la memoria presentes en Firefox versión 77. ... Esta vulnerabilidad afecta a Firefox versiones anteriores a 78 • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00049.html https://bugzilla.mozilla.org/buglist.cgi?bug_id=1608068%2C1609951%2C1631187%2C1637682 https://security.gentoo.org/glsa/202007-10 https://www.mozilla.org/security/advisories/mfsa2020-24 • CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-12411
https://notcve.org/view.php?id=CVE-2020-12411
Mozilla developers reported memory safety bugs present in Firefox 76. ... This vulnerability affects Firefox < 77. Los desarrolladores de Mozilla reportaron bugs de seguridad de la memoria presentes en Firefox versión 76. ... Esta vulnerabilidad afecta a Firefox versiones anteriores a 77 • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1620972%2C1625333 https://www.mozilla.org/security/advisories/mfsa2020-20 • CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 0%CPEs: 7EXPL: 0CVE-2020-12406 – Mozilla: JavaScript Type confusion with NativeTypes
https://notcve.org/view.php?id=CVE-2020-12406
This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9. ... Esta vulnerabilidad afecta a Thunderbird versiones anteriores a 68.9.0, Firefox versiones anteriores a 77 y Firefox ESR versiones anteriores a 68.9 The Mozilla Foundation Security Advisory describes this flaw as: Mozilla developer Iain Ireland discovered a missing type check during unboxed objects removal, resulting in a crash. • https://bugzilla.mozilla.org/show_bug.cgi?id=1639590 https://usn.ubuntu.com/4421-1 https://www.mozilla.org/security/advisories/mfsa2020-20 https://www.mozilla.org/security/advisories/mfsa2020-21 https://www.mozilla.org/security/advisories/mfsa2020-22 https://access.redhat.com/security/cve/CVE-2020-12406 https://bugzilla.redhat.com/show_bug.cgi?id=1843312 • CWE-345: Insufficient Verification of Data Authenticity CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 9.3EPSS: 0%CPEs: 6EXPL: 0CVE-2020-12410 – Mozilla: Memory safety bugs fixed in Firefox 77 and Firefox ESR 68.9
https://notcve.org/view.php?id=CVE-2020-12410
Mozilla developers reported memory safety bugs present in Firefox 76 and Firefox ESR 68.8. ... This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9. Los desarrolladores de Mozilla reportaron bugs de seguridad de la memoria presentes en Firefox versión 76 y Firefox ESR versión 68.8. ... Esta vulnerabilidad afecta a Thunderbird versiones anteriores a 68.9.0, Firefox versiones anteriores a 77 y Firefox ESR versiones anteriores a 68.9 The Mozilla Foundation Security Advisory describes this flaw as: Mozilla developers reported memory safety bugs present in Firefox 76 and Firefox ESR 68.8. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1619305%2C1632717 https://usn.ubuntu.com/4421-1 https://www.mozilla.org/security/advisories/mfsa2020-20 https://www.mozilla.org/security/advisories/mfsa2020-21 https://www.mozilla.org/security/advisories/mfsa2020-22 https://access.redhat.com/security/cve/CVE-2020-12410 https://bugzilla.redhat.com/show_bug.cgi?id=1843030 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •