Mozilla Foundation Security Advisory 2020-49

Security Vulnerabilities fixed in Firefox 82.0.3, Firefox ESR 78.4.1, and Thunderbird 78.4.2

Announced
November 9, 2020
Impact
critical
Products
Firefox, Firefox ESR, Thunderbird
Fixed in
  • Firefox 82.0.3
  • Firefox ESR 78.4.1
  • Thunderbird 78.4.2

#CVE-2020-26950: Write side effects in MCallGetProperty opcode not accounted for

Reporter
360政企安全漏洞研究院 in Tianfu Cup 2020 International Cybersecurity Contest
Impact
critical
Description

In certain circumstances, the MCallGetProperty opcode can be emitted with unmet assumptions resulting in an exploitable use-after-free condition.

References