What is the severity of CVE-2020-26959?

The severity of CVE-2020-26959 is high with a severity value of 8.8.

Which software is affected by CVE-2020-26959?

Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5 are affected by CVE-2020-26959.

How can the use-after-free vulnerability be exploited?

The use-after-free vulnerability in CVE-2020-26959 can potentially be exploited to cause a memory corruption and crash.

How can I fix CVE-2020-26959?

To fix CVE-2020-26959, update Mozilla Firefox to version 83 or later, Firefox ESR to version 78.5 or later, or Thunderbird to version 78.5 or later.

Where can I find more information about CVE-2020-26959?

You can find more information about CVE-2020-26959 in the following references: [Reference 1](https://bugzilla.mozilla.org/show_bug.cgi?id=1669466), [Reference 2](https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/), [Reference 3](https://www.mozilla.org/security/advisories/mfsa2020-50/).

Vulnerability/
CVE-2020-26959

high

8.8

CWE

416

17/11/2020

9/12/2020

4/8/2024

CVE-2020-26959: Use After Free

Q: Which software is affected by CVE-2020-26959?

Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5 are affected by CVE-2020-26959.

Q: How can the use-after-free vulnerability be exploited?

The use-after-free vulnerability in CVE-2020-26959 can potentially be exploited to cause a memory corruption and crash.

Q: How can I fix CVE-2020-26959?

To fix CVE-2020-26959, update Mozilla Firefox to version 83 or later, Firefox ESR to version 78.5 or later, or Thunderbird to version 78.5 or later.

Q: Where can I find more information about CVE-2020-26959?

You can find more information about CVE-2020-26959 in the following references: [Reference 1](https://bugzilla.mozilla.org/show_bug.cgi?id=1669466), [Reference 2](https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/), [Reference 3](https://www.mozilla.org/security/advisories/mfsa2020-50/).

First published: Tue Nov 17 2020(Updated: )

During browser shutdown, reference decrementing could have occured on a previously freed object, resulting in a use-after-free, memory corruption, and a potentially exploitable crash.

Credit: security@mozilla.org

Affected Software	Affected Version	How to fix
Mozilla Firefox ESR	<78.5	78.5
	<83	83
	<78.5	78.5
	<78.5	78.5
Mozilla Firefox	<83.0
Mozilla Firefox ESR	<78.5
Mozilla Thunderbird	<78.5

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Peer vulnerabilities

(Found alongside the following vulnerabilities)

Frequently Asked Questions

What is the severity of CVE-2020-26959?
The severity of CVE-2020-26959 is high with a severity value of 8.8.
Which software is affected by CVE-2020-26959?
Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5 are affected by CVE-2020-26959.
How can the use-after-free vulnerability be exploited?
The use-after-free vulnerability in CVE-2020-26959 can potentially be exploited to cause a memory corruption and crash.
How can I fix CVE-2020-26959?
To fix CVE-2020-26959, update Mozilla Firefox to version 83 or later, Firefox ESR to version 78.5 or later, or Thunderbird to version 78.5 or later.
Where can I find more information about CVE-2020-26959?
You can find more information about CVE-2020-26959 in the following references: [Reference 1](https://bugzilla.mozilla.org/show_bug.cgi?id=1669466), [Reference 2](https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/), [Reference 3](https://www.mozilla.org/security/advisories/mfsa2020-50/).

collector/mozilla-advisory
agent/type
agent/first-publish-date
agent/last-modified-date
agent/softwarecombine
agent/references
agent/author
agent/severity
agent/weakness
source/Mozilla
agent/software-canonical-lookup
agent/event
agent/software-canonical-lookup-request
agent/description
agent/tags
collector/nvd-index
collector/mitre-cve
source/MITRE
vendor/mozilla
canonical/mozilla firefox esr
canonical/mozilla thunderbird
canonical/mozilla firefox