Lucene search
MozillaCVE-2020-12405HistoryJul 09, 2020 - 3:15 p.m.
CVE-2020-12405
2020-07-0915:15:10
CWE-416
CWE-362
mozilla
web.nvd.nist.gov
205
cve-2020-12405
security vulnerability
thunderbird
firefox
nvd
exploitable crash
CVSS2
2.6
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:N/I:N/A:P
CVSS3
5.3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
AI Score
6.3
Confidence
High
EPSS
0.002
Percentile
64.7%
When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.
Affected configurations
Node
mozillafirefoxRange<77.0
ORmozillafirefox_esrRange<68.9.0
ORmozillathunderbirdRange<68.9.0
Node
canonicalubuntu_linuxMatch16.04esm
ORcanonicalubuntu_linuxMatch18.04lts
ORcanonicalubuntu_linuxMatch19.10
ORcanonicalubuntu_linuxMatch20.04lts
| Vendor | Product | Version | CPE |
|---|---|---|---|
| mozilla | thunderbird | * | cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* |
| mozilla | firefox | * | cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* |
| mozilla | firefox_esr | * | cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "68.9.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "77",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Firefox ESR",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "68.9",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]Related
veracode
veracode
Denial Of Service (DoS)
2020-06-04 03:32:40
cvelist
cvelist
CVE-2020-12405
2020-07-09 14:45:23
debiancve
debiancve
CVE-2020-12405
2020-07-09 15:15:10
ubuntucve
ubuntucve
CVE-2020-12405
2020-06-02 00:00:00
prion
prion
Race condition
2020-07-09 15:15:00
redhatcve
redhatcve
CVE-2020-12405
2020-06-02 16:21:45
CVE-2020-12410
2020-06-03 02:21:54
alpinelinux
alpinelinux
CVE-2020-12405
2020-07-09 15:15:10
nvd
nvd
CVE-2020-12405
2020-07-09 15:15:10
talos
talos
Mozilla Firefox SharedWorkerService Code Execution Vulnerability
2020-06-10 00:00:00
nessus
nessus
Mozilla Firefox ESR < 68.9
2020-06-02 00:00:00
Mozilla Firefox ESR < 68.9
2020-06-02 00:00:00
SUSE SLES12 Security Update : MozillaFirefox (SUSE-SU-2020:1563-1)
2020-06-18 00:00:00
centos
centos
firefox security update
2020-06-04 16:02:07
firefox security update
2020-06-04 16:00:43
thunderbird security update
2020-06-19 21:47:41
redhat
redhat
(RHSA-2020:2381) Important: firefox security update
2020-06-03 09:43:35
(RHSA-2020:2380) Important: firefox security update
2020-06-03 08:36:11
(RHSA-2020:2382) Important: firefox security update
2020-06-03 10:08:40
openvas
openvas
CentOS: Security Advisory for firefox (CESA-2020:2381)
2020-06-05 00:00:00
SUSE: Security Advisory (SUSE-SU-2020:1563-1)
2021-04-19 00:00:00
SUSE: Security Advisory (SUSE-SU-2020:14389-1)
2021-06-09 00:00:00
oraclelinux
oraclelinux
firefox security update
2020-06-05 00:00:00
firefox security update
2020-06-05 00:00:00
thunderbird security update
2020-06-23 00:00:00
ibm
ibm
suse
suse
Security update for MozillaFirefox (important)
2020-06-10 00:00:00
Security update for MozillaThunderbird (important)
2020-06-12 00:00:00
kaspersky
kaspersky
KLA11793 Multiple vulnerabilities in Mozilla Firefox ESR
2020-06-02 00:00:00
KLA11795 Multiple vulnerabilities in Mozilla Thunderbird
2020-06-02 00:00:00
KLA11792 Multiple vulnerabilities in Mozilla Firefox
2020-06-02 00:00:00
osv
osv
firefox-esr - security update
2020-06-03 00:00:00
firefox-esr - security update
2020-06-09 00:00:00
thunderbird - security update
2020-06-11 00:00:00
mozilla
mozilla
Security Vulnerabilities fixed in Firefox ESR 68.9 — Mozilla
2020-06-02 00:00:00
Security Vulnerabilities fixed in Thunderbird 68.9.0 — Mozilla
2020-06-02 00:00:00
Security Vulnerabilities fixed in Firefox 77 — Mozilla
2020-06-02 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package firefox-esr version 68.9.0-alt1
2020-06-03 00:00:00
Security fix for the ALT Linux 10 package thunderbird version 68.9.0-alt1
2020-06-04 00:00:00
gentoo
gentoo
Mozilla Thunderbird: Multiple vulnerabilities
2020-06-15 00:00:00
Mozilla Firefox: Multiple vulnerabilities
2020-06-13 00:00:00
debian
debian
[SECURITY] [DLA 2243-1] firefox-esr security update
2020-06-09 18:25:36
[SECURITY] [DLA 2243-1] firefox-esr security update [REVISED]
2020-06-09 18:29:15
[SECURITY] [DSA 4695-1] firefox-esr security update
2020-06-03 18:13:01
amazon
amazon
Important: thunderbird
2020-07-14 02:50:00
slackware
slackware
[slackware-security] mozilla-thunderbird
2020-06-04 18:27:58
archlinux
archlinux
[ASA-202006-4] thunderbird: multiple issues
2020-06-06 00:00:00
[ASA-202006-1] firefox: multiple issues
2020-06-02 00:00:00
mageia
mageia
Updated thunderbird packages fix security vulnerability
2020-08-01 02:25:42
Updated firefox packages fix security vulnerability
2020-07-05 01:47:21
ubuntu
ubuntu
Firefox vulnerabilities
2020-06-04 00:00:00
Thunderbird vulnerabilities
2020-07-08 00:00:00
CVSS2
2.6
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:N/I:N/A:P
CVSS3
5.3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
AI Score
6.3
Confidence
High
EPSS
0.002
Percentile
64.7%
Related for CVE-2020-12405