Published: 02/03/2020 Updated: 12/03/2020
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Mozilla Firefox could allow a remote malicious user to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.

Vulnerability Trend

Vendor Advisories

Firefox could be made to crash or run programs as your login if it opened a malicious website ...
Firefox could be made to crash or run programs as your login if it opened a malicious website ...
Several memory safety bugs have been found in Firefox before 730 Some of these bugs showed evidence of memory corruption and Mozilla presumes that with enough effort some of these could have been exploited to run arbitrary code ...
Arch Linux Security Advisory ASA-202002-5 ========================================= Severity: Critical Date : 2020-02-11 CVE-ID : CVE-2020-6796 CVE-2020-6798 CVE-2020-6800 CVE-2020-6801 Package : firefox Type : multiple issues Remote : Yes Link : securityarchlinuxorg/AVG-1096 Summary ======= The package firefox before versio ...

Recent Articles

Mozilla Firefox 73 Browser Update Fixes High-Severity RCE Bugs
Threatpost • Lindsey O'Donnell • 12 Feb 2020

Mozilla has launched the latest version of its Firefox browser, which knocks out high-severity security flaws that leave systems open to attack by a remote adversary.
The patched version of Mozilla’s browser, launched on Tuesday, is Firefox 73 and Firefox ESR 68.5. The Firefox ESR browser is its Extended Support Release version of Firefox, designed for mass deployments. Both releases tackle six vulnerabilities. Two of the high-severity bugs both allow a remote attacker to execute code on...