First published: Tue Jun 30 2020(Updated: )
In non-standard configurations, a JPEG image created by JavaScript could have caused an internal variable to overflow, resulting in an out of bounds write, memory corruption, and a potentially exploitable crash.
Credit: security@mozilla.org security@mozilla.org
Affected Software | Affected Version | How to fix |
---|---|---|
Mozilla Thunderbird | <78 | 78 |
Mozilla Firefox | <78 | 78 |
Mozilla Firefox | <78.0 | |
openSUSE Leap | =15.1 | |
openSUSE Leap | =15.2 | |
debian/firefox | 133.0.3-1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Found alongside the following vulnerabilities)
CVE-2020-12422 is a vulnerability that occurs when a JPEG image created by JavaScript can cause an internal variable to overflow, resulting in memory corruption and potentially exploitable crashes.
Mozilla Firefox and Mozilla Thunderbird versions up to and excluding 78 are affected by CVE-2020-12422.
CVE-2020-12422 has a severity level of medium (4).
To fix CVE-2020-12422, update Mozilla Firefox and Mozilla Thunderbird to version 78 or above.
You can find more information about CVE-2020-12422 on the Mozilla Bugzilla website and the Mozilla Security Advisories page.