First published: Tue Jun 30 2020
A VideoStreamEncoder may have been freed in a race condition with VideoBroadcaster::AddOrUpdateSink, resulting in a use-after-free, memory corruption, and a potentially exploitable crash.
Credit: security@mozilla.org
Affected Software | Affected Version | How to fix |
---|---|---|
Mozilla Thunderbird | <78 | 78 |
Mozilla Firefox | <78 | 78 |
Mozilla Firefox | <78.0 | |
openSUSE Leap | =15.1 | |
openSUSE Leap | =15.2 | |
debian/firefox | 132.0.2-1 | |
CVE-2020-12416 is a vulnerability in Firefox and Thunderbird that could result in a use-after-free, memory corruption, and a potentially exploitable crash.
CVE-2020-12416 affects Firefox versions prior to 78.0.
CVE-2020-12416 affects Thunderbird versions prior to 78.0.
CVE-2020-12416 has a severity level of critical with a CVSS score of 8.8.
To fix CVE-2020-12416, upgrade to Firefox version 78.0 or later, or upgrade to Thunderbird version 78.0 or later.