{"containers": {"cna": {"affected": [{"product": "Thunderbird", "vendor": "Mozilla", "versions": [{"lessThan": "68.9.0", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "Firefox", "vendor": "Mozilla", "versions": [{"lessThan": "77", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "Firefox ESR", "vendor": "Mozilla", "versions": [{"lessThan": "68.9", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Mozilla Developer Iain Ireland discovered a missing type check during unboxed objects removal, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9."}], "problemTypes": [{"descriptions": [{"description": "JavaScript type confusion with NativeTypes", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-07-22T15:06:11", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.mozilla.org/security/advisories/mfsa2020-20/"}, {"tags": ["x_refsource_MISC"], "url": "https://www.mozilla.org/security/advisories/mfsa2020-21/"}, {"tags": ["x_refsource_MISC"], "url": "https://www.mozilla.org/security/advisories/mfsa2020-22/"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1639590"}, {"name": "USN-4421-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4421-1/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@mozilla.org", "ID": "CVE-2020-12406", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Thunderbird", "version": {"version_data": [{"version_affected": "<", "version_value": "68.9.0"}]}}, {"product_name": "Firefox", "version": {"version_data": [{"version_affected": "<", "version_value": "77"}]}}, {"product_name": "Firefox ESR", "version": {"version_data": [{"version_affected": "<", "version_value": "68.9"}]}}]}, "vendor_name": "Mozilla"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Mozilla Developer Iain Ireland discovered a missing type check during unboxed objects removal, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "JavaScript type confusion with NativeTypes"}]}]}, "references": {"reference_data": [{"name": "https://www.mozilla.org/security/advisories/mfsa2020-20/", "refsource": "MISC", "url": "https://www.mozilla.org/security/advisories/mfsa2020-20/"}, {"name": "https://www.mozilla.org/security/advisories/mfsa2020-21/", "refsource": "MISC", "url": "https://www.mozilla.org/security/advisories/mfsa2020-21/"}, {"name": "https://www.mozilla.org/security/advisories/mfsa2020-22/", "refsource": "MISC", "url": "https://www.mozilla.org/security/advisories/mfsa2020-22/"}, {"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1639590", "refsource": "MISC", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1639590"}, {"name": "USN-4421-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4421-1/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T11:56:51.745Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.mozilla.org/security/advisories/mfsa2020-20/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.mozilla.org/security/advisories/mfsa2020-21/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.mozilla.org/security/advisories/mfsa2020-22/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1639590"}, {"name": "USN-4421-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4421-1/"}]}]}, "cveMetadata": {"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2020-12406", "datePublished": "2020-07-09T14:45:21", "dateReserved": "2020-04-28T00:00:00", "dateUpdated": "2024-08-04T11:56:51.745Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "953DA746-3B0F-4926-B859-CA94CD65E4F2", "versionEndExcluding": "77.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*", "matchCriteriaId": "7113E7DB-1A88-4F93-AC2E-26DD06078EE4", "versionEndExcluding": "68.9.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "matchCriteriaId": "A5275EC9-3455-4BAE-A71E-13205D5123E6", "versionEndExcluding": "68.9.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", "matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", "matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Mozilla Developer Iain Ireland discovered a missing type check during unboxed objects removal, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9."}, {"lang": "es", "value": "El desarrollador de Mozilla, Iain Ireland, detect\u00f3 una falta de un tipo comprobaci\u00f3n durante la eliminaci\u00f3n de objetos sin caja, resultando en un bloqueo. Presumimos que con un esfuerzo suficiente podr\u00eda ser explotado para ejecutar c\u00f3digo arbitrario. Esta vulnerabilidad afecta a Thunderbird versiones anteriores a 68.9.0, Firefox versiones anteriores a 77 y Firefox ESR versiones anteriores a 68.9"}], "id": "CVE-2020-12406", "lastModified": "2024-11-21T04:59:39.313", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-07-09T15:15:11.020", "references": [{"source": "security@mozilla.org", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1639590"}, {"source": "security@mozilla.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4421-1/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2020-20/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2020-21/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2020-22/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1639590"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4421-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2020-20/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2020-21/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2020-22/"}], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-345"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Iain Ireland as the original reporter.", "affected_release": [{"advisory": "RHSA-2020:2378", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "firefox-0:68.9.0-1.el6_10", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2020-06-03T00:00:00Z"}, {"advisory": "RHSA-2020:2613", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "thunderbird-0:68.9.0-1.el6_10", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2020-06-19T00:00:00Z"}, {"advisory": "RHSA-2020:2381", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "firefox-0:68.9.0-1.el7_8", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2020-06-03T00:00:00Z"}, {"advisory": "RHSA-2020:2615", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "thunderbird-0:68.9.0-1.el7_8", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2020-06-22T00:00:00Z"}, {"advisory": "RHSA-2020:2379", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "firefox-0:68.9.0-1.el8_2", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-06-03T00:00:00Z"}, {"advisory": "RHSA-2020:2614", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "thunderbird-0:68.9.0-1.el8_2", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-06-22T00:00:00Z"}, {"advisory": "RHSA-2020:2382", "cpe": "cpe:/a:redhat:rhel_e4s:8.0", "package": "firefox-0:68.9.0-1.el8_0", "product_name": "Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions", "release_date": "2020-06-03T00:00:00Z"}, {"advisory": "RHSA-2020:2616", "cpe": "cpe:/a:redhat:rhel_e4s:8.0", "package": "thunderbird-0:68.9.0-1.el8_0", "product_name": "Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions", "release_date": "2020-06-19T00:00:00Z"}, {"advisory": "RHSA-2020:2380", "cpe": "cpe:/a:redhat:rhel_eus:8.1", "package": "firefox-0:68.9.0-1.el8_1", "product_name": "Red Hat Enterprise Linux 8.1 Extended Update Support", "release_date": "2020-06-03T00:00:00Z"}, {"advisory": "RHSA-2020:2611", "cpe": "cpe:/a:redhat:rhel_eus:8.1", "package": "thunderbird-0:68.9.0-1.el8_1", "product_name": "Red Hat Enterprise Linux 8.1 Extended Update Support", "release_date": "2020-06-19T00:00:00Z"}], "bugzilla": {"description": "Mozilla: JavaScript Type confusion with NativeTypes", "id": "1843312", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1843312"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.8", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-843", "details": ["Mozilla Developer Iain Ireland discovered a missing type check during unboxed objects removal, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.", "The Mozilla Foundation Security Advisory describes this flaw as:\nMozilla developer Iain Ireland discovered a missing type check during unboxed objects removal, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code."], "name": "CVE-2020-12406", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Out of support scope", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Out of support scope", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 5"}], "public_date": "2020-06-02T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-12406\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-12406\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-21/#CVE-2020-12406"], "threat_severity": "Important"}