vulnerability

Red Hat: CVE-2020-12417: CVE-2020-12417 Mozilla: Memory corruption due to missing sign-extension for ValueTags on ARM64 (Multiple Advisories)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
9	(AV:N/AC:M/Au:N/C:C/I:C/A:C)	Jul 6, 2020	Jul 8, 2020	Aug 11, 2025

Severity

CVSS

(AV:N/AC:M/Au:N/C:C/I:C/A:C)

Published

Jul 6, 2020

Added

Jul 8, 2020

Modified

Aug 11, 2025

Description

Due to confusion about ValueTags on JavaScript Objects, an object may pass through the type barrier, resulting in memory corruption and a potentially exploitable crash. *Note: this issue only affects Firefox on ARM64 platforms.* This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0.

Solutions

redhat-upgrade-firefoxredhat-upgrade-firefox-debuginforedhat-upgrade-firefox-debugsourceredhat-upgrade-thunderbirdredhat-upgrade-thunderbird-debuginforedhat-upgrade-thunderbird-debugsource

References

CWE-617
CWE-681
CWE-787
NVD-CVE-2020-12417
REDHAT-RHSA-2020:2826
REDHAT-RHSA-2020:2827
REDHAT-RHSA-2020:2828
REDHAT-RHSA-2020:2906
REDHAT-RHSA-2020:2907
REDHAT-RHSA-2020:3038

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today