What is the CVE ID of this vulnerability?

The CVE ID of this vulnerability is CVE-2020-26968.

Which software versions are affected by this vulnerability?

Firefox ESR versions up to and excluding 78.5, Thunderbird versions up to and excluding 78.5, and Firefox versions up to and excluding 83 are affected by this vulnerability.

What is the severity of CVE-2020-26968?

The severity of CVE-2020-26968 is high with a CVSS score of 7.

Are there any known fixes for this vulnerability?

Yes, Mozilla has released Firefox ESR version 78.5 and Firefox version 83, which contain fixes for this vulnerability.

Where can I find more information about this vulnerability?

You can find more information about this vulnerability on the Mozilla Bugzilla and Mozilla Security Advisories websites. Links: [Mozilla Bugzilla](https://bugzilla.mozilla.org/buglist.cgi?bug_id=1551615%2C1607762%2C1656697%2C1657739%2C1660236%2C1667912%2C1671479%2C1671923), [Mozilla Security Advisories](https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/)

Vulnerability/
CVE-2020-26968

critical

9.3

CWE

787

17/11/2020

9/12/2020

4/8/2024

CVE-2020-26968

First published: Tue Nov 17 2020(Updated: )

Mozilla developers Randell Jesup, Christian Holler, Jason Kratzer, Byron Campen, and Steve Fink reported memory safety bugs present in Firefox 82 and Firefox ESR 78.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

Credit: security@mozilla.org

Affected Software	Affected Version	How to fix
Mozilla Firefox ESR	<78.5	78.5
	<83	83
	<78.5	78.5
	<78.5	78.5
Mozilla Firefox	<83.0
Mozilla Firefox ESR	<78.5
Mozilla Thunderbird	<78.5

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Peer vulnerabilities

(Found alongside the following vulnerabilities)

Frequently Asked Questions

What is the CVE ID of this vulnerability?
The CVE ID of this vulnerability is CVE-2020-26968.
Which software versions are affected by this vulnerability?
Firefox ESR versions up to and excluding 78.5, Thunderbird versions up to and excluding 78.5, and Firefox versions up to and excluding 83 are affected by this vulnerability.
What is the severity of CVE-2020-26968?
The severity of CVE-2020-26968 is high with a CVSS score of 7.
Are there any known fixes for this vulnerability?
Yes, Mozilla has released Firefox ESR version 78.5 and Firefox version 83, which contain fixes for this vulnerability.
Where can I find more information about this vulnerability?
You can find more information about this vulnerability on the Mozilla Bugzilla and Mozilla Security Advisories websites. Links: [Mozilla Bugzilla](https://bugzilla.mozilla.org/buglist.cgi?bug_id=1551615%2C1607762%2C1656697%2C1657739%2C1660236%2C1667912%2C1671479%2C1671923), [Mozilla Security Advisories](https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/)

collector/mozilla-advisory
agent/type
agent/last-modified-date
agent/first-publish-date
agent/softwarecombine
agent/references
agent/author
agent/severity
agent/weakness
source/Mozilla
agent/software-canonical-lookup
agent/event
agent/description
agent/software-canonical-lookup-request
agent/tags
collector/nvd-index
collector/mitre-cve
source/MITRE
vendor/mozilla
canonical/mozilla firefox esr
canonical/mozilla thunderbird
canonical/mozilla firefox