CVE-2020-12387

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-12387

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-12387.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2020-12387

Downstream

DEBIAN-CVE-2020-12387

DLA-2205-1

DLA-2206-1

DSA-4678-1

DSA-4683-1

RHSA-2020:2031

RHSA-2020:2032

RHSA-2020:2033

RHSA-2020:2036

RHSA-2020:2037

RHSA-2020:2046

RHSA-2020:2047

RHSA-2020:2048

RHSA-2020:2049

RHSA-2020:2050

SUSE-SU-2020:1209-1

SUSE-SU-2020:1218-1

SUSE-SU-2020:1225-1

SUSE-SU-2020:14359-1

UBUNTU-CVE-2020-12387

USN-4353-1

USN-4373-1

openSUSE-SU-2020:0621-1

openSUSE-SU-2020:0643-1

openSUSE-SU-2024:10600-1

openSUSE-SU-2024:10601-1

openSUSE-SU-2024:14572-1

Related

Published

2020-05-26T18:15:10Z

Modified

2025-08-09T20:01:25Z

Severity

8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A race condition when running shutdown code for Web Worker led to a use-after-free vulnerability. This resulted in a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0.

References

Affected packages