Candidate: CVE-2020-15669
PublicDate: 2020-10-01 19:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15669
 https://www.mozilla.org/en-US/security/advisories/mfsa2020-37/#CVE-2020-15669
 https://www.mozilla.org/en-US/security/advisories/mfsa2020-40/#CVE-2020-15669
 https://rhn.redhat.com/errata/RHSA-2020-3558.html
Description:
 When aborting an operation, such as a fetch, an abort signal may be
 deleted while alerting the objects to be notified. This results in a
 use-after-free and we presume that with enough effort it could have been
 exploited to run arbitrary code. This vulnerability affects Firefox ESR <
 68.12 and Thunderbird < 68.12.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [8.8 HIGH]

Patches_firefox-esr:
upstream_firefox-esr: released (68.12.0esr-1)
precise/esm_firefox-esr: DNE
trusty_firefox-esr: ignored (out of standard support)
trusty/esm_firefox-esr: DNE
xenial_firefox-esr: DNE
bionic_firefox-esr: DNE
focal_firefox-esr: DNE
groovy_firefox-esr: DNE
hirsute_firefox-esr: DNE
impish_firefox-esr: DNE
jammy_firefox-esr: DNE
devel_firefox-esr: DNE

Patches_thunderbird:
Priority_thunderbird: low
upstream_thunderbird: released (68.12)
precise/esm_thunderbird: DNE
trusty_thunderbird: ignored (out of standard support)
trusty/esm_thunderbird: DNE
xenial_thunderbird: ignored (end of standard support, was needed)
esm-infra/xenial_thunderbird: needed
bionic_thunderbird: released (1:78.8.1+build1-0ubuntu0.18.04.1)
focal_thunderbird: released (78.7.1+build1-0ubuntu0.20.04.1)
groovy_thunderbird: not-affected (1:78.3.2+build1-0ubuntu1)
hirsute_thunderbird: not-affected (1:78.4.3+build1-0ubuntu1)
impish_thunderbird: not-affected (1:78.4.3+build1-0ubuntu1)
jammy_thunderbird: not-affected (1:78.4.3+build1-0ubuntu1)
devel_thunderbird: not-affected (1:78.4.3+build1-0ubuntu1)