Mozilla Foundation Security Advisory 2021-01

Security Vulnerabilities fixed in Firefox 84.0.2, Firefox for Android 84.1.3, and Firefox ESR 78.6.1

Announced
January 6, 2021
Impact
critical
Products
Firefox, Firefox ESR, Firefox for Android
Fixed in
  • Firefox 84.0.2
  • Firefox ESR 78.6.1
  • Firefox for Android 84.1.3

#CVE-2020-16044: Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk

Reporter
Ned Williamson
Impact
critical
Description

A malicious peer could have modified a COOKIE-ECHO chunk in a SCTP packet in a way that potentially resulted in a use-after-free. We presume that with enough effort it could have been exploited to run arbitrary code.

References