====================================================================

                             CERT-Renater

                 Note d'Information No. 2020/VULN623
_____________________________________________________________________

DATE                : 13/11/2020

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Firefox versions prior to 82.0.3,
                                           78.4.1,
                       Thunderbird versions prior to 78.4.2.

=====================================================================
https://www.mozilla.org/en-US/security/advisories/mfsa2020-49/
_____________________________________________________________________


Mozilla Foundation Security Advisory 2020-49
Security Vulnerabilities fixed in Firefox 82.0.3, Firefox ESR 78.4.1,
and Thunderbird 78.4.2

Announced        November 9, 2020
Impact           critical
Products         Firefox, Firefox ESR, Thunderbird
Fixed in
        Firefox 82.0.3
        Firefox ESR 78.4.1
        Thunderbird 78.4.2


#CVE-2020-26950: Write side effects in MCallGetProperty opcode not
accounted for

Reporter          360政企安全漏洞研究院 in Tianfu Cup 2020 International
                  Cybersecurity Contest
Impact            critical

Description

In certain circumstances, the MCallGetProperty opcode can be emitted
with unmet assumptions resulting in an exploitable use-after-free
condition.


References

    Bug 1675905


=========================================================
+ CERT-RENATER       |    tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel   |    fax : 01-53-94-20-41          +
+ 75013 Paris        |    email:cert@support.renater.fr +
=========================================================