// For flags

CVE-2020-15667

 

Severity Score

8.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

When processing a MAR update file, after the signature has been validated, an invalid name length could result in a heap overflow, leading to memory corruption and potentially arbitrary code execution. Within Firefox as released by Mozilla, this issue is only exploitable with the Mozilla-controlled signing key. This vulnerability affects Firefox < 80.

Cuando se procesa un archivo de actualización MAR, después de que haya sido comprobada la firma, una longitud de nombre no válida podría resultar en un desbordamiento de la pila, conllevando a una corrupción de la memoria y una ejecución de código potencialmente arbitraria.&#xa0;En Firefox, tal como es lanzado por Mozilla, este problema solo es explotable con la clave de firma controlada por Mozilla.&#xa0;Esta vulnerabilidad afecta a Firefox versiones anteriores a 80

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2020-07-10 CVE Reserved
  • 2020-10-01 CVE Published
  • 2024-08-04 CVE Updated
  • 2024-11-10 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-787: Out-of-bounds Write
CAPEC
References (1)
URL Tag Source
URL Date SRC
URL Date SRC
URL Date SRC
https://www.mozilla.org/security/advisories/mfsa2020-36 2021-07-21
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Mozilla
Search vendor "Mozilla"
 Firefox
Search vendor "Mozilla" for product "Firefox"
 < 80.0
Search vendor "Mozilla" for product "Firefox" and version " < 80.0"
-
Affected