| Vulnerability Name | Use-After-Free Vulnerability in Mozilla Products |
| Severity Rating | HIGH |
| Software Affected | Mozilla Firefox versions prior to 82.0.3 Mozilla Firefox ESR versions prior to 78.4.1 Mozilla Thunderbird versions prior to 78.4.2 |
| CVE Name | CVE-2020-26950 |
Overview
A vulnerability has been reported in Mozilla Products which could allow a remote attacker to execute arbitrary code on the targeted system.
Description
This vulnerability exists in Mozilla products due to un-accountability of write side effects in MCallGetPropertyopcode. A remote attacker could exploit this vulnerability by persuading a victim to visit a specially-crafted web site resulting in use-after-free conditions.Successful exploitation of this vulnerability could allow the attacker to execute arbitrary code on the targeted system.
Solution
Upgrade to Mozilla Firefox version 82.0.3, Firefox ESR version 78.4.1 and Thunderbird version 78.4.2
Vendor Information
Mozilla
https://www.mozilla.org/en-US/security/advisories/mfsa2020-49/
References
Mozilla
https://www.mozilla.org/en-US/security/advisories/mfsa2020-49/
RedHatBugzilla
https://access.redhat.com/security/cve/cve-2020-26950
Note: Any unusual activity or attack should be reported immediately at incident@cert-in.org.in, cert.ksitm@kerala.gov.in with the relevant logs for analysis and taking further appropriate actions.