Lucene search

PRIOn knowledge basePRION:CVE-2020-15678

HistoryOct 01, 2020 - 7:15 p.m.

Design/Logic Flaw

2020-10-0119:15:00

PRIOn knowledge base

www.prio-n.com

7.9 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.3%

JSON

When recursing through graphical layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free. This occurs because the function APZCTreeManager::ComputeClippedCompositionBounds did not follow iterator invalidation rules. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firefox ESR < 78.3.

CPENameOperatorVersion
debian_linuxeq9.0
debian_linuxeq10.0
firefoxlt81.0
firefox_esrlt78.3
thunderbirdlt78.3
leapeq15.1
leapeq15.2

Name	Operator	Version
debian_linux	eq	9.0
debian_linux	eq	10.0
firefox	lt	81.0
firefox_esr	lt	78.3
thunderbird	lt	78.3
leap	eq	15.1
leap	eq	15.2

References

lists.opensuse.org/opensuse-security-announce/2020-10/msg00074.html

lists.opensuse.org/opensuse-security-announce/2020-10/msg00077.html

bugzilla.mozilla.org/show_bug.cgi?id=1660211

lists.debian.org/debian-lts-announce/2020/10/msg00020.html

security.gentoo.org/glsa/202010-02

www.debian.org/security/2020/dsa-4770

www.mozilla.org/security/advisories/mfsa2020-42/

www.mozilla.org/security/advisories/mfsa2020-43/

www.mozilla.org/security/advisories/mfsa2020-44/