First published: Tue Nov 17 2020(Updated: )
Incorrect bookkeeping of functions inlined during JIT compilation could have led to memory corruption and a potentially exploitable crash when handling out-of-memory errors.
Credit: security@mozilla.org
Affected Software | Affected Version | How to fix |
---|---|---|
Mozilla Firefox and Thunderbird | <83 | 83 |
Mozilla Firefox and Thunderbird | <83.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Found alongside the following vulnerabilities)
The vulnerability ID of this issue is CVE-2020-26952.
The severity of CVE-2020-26952 is critical with a CVSS score of 8.8.
Firefox versions up to exclusive version 83 are affected by CVE-2020-26952.
CVE-2020-26952 could lead to memory corruption and potentially exploitable crashes when handling out-of-memory errors.
To fix CVE-2020-26952, update Firefox to version 83 or later.