CVE-2020-12406

Summary

Mozilla Developer Iain Ireland discovered a missing type check during unboxed objects removal, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.

Affected Software

VendorProductVersion RangeStatus
MozillaThunderbirdunspecified < 68.9.0affected
MozillaFirefoxunspecified < 77affected
MozillaFirefox ESRunspecified < 68.9affected

Weaknesses

  • JavaScript type confusion with NativeTypes

ADP Enrichment

CVE Program Container

Additional References

References