CVE-2020-15667

8.8 HIGH

📋 TL;DR

This vulnerability allows arbitrary code execution through a heap overflow when processing malicious MAR update files with invalid name lengths. It affects Firefox versions before 80. Exploitation requires Mozilla's signing key, limiting real-world attack vectors.

💻 Affected Systems

Products:
  • Mozilla Firefox
Versions: All versions < 80
Operating Systems: Windows, macOS, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Only exploitable with Mozilla-controlled signing key for MAR files.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Full system compromise via arbitrary code execution with the privileges of the Firefox process.

🟠 Likely Case: Limited exploitation due to the requirement for Mozilla's signing key; potential targeted attacks if the key is compromised.

🟢 If Mitigated: No impact if Firefox is updated to version 80+ or if MAR updates are disabled.

🌐 Internet-Facing: LOW - Requires Mozilla-controlled signing key for exploitation.
🏢 Internal Only: LOW - Same key requirement applies internally.

🎯 Exploit Status

Public PoC: No
Weaponized: No
Unauthenticated Exploit: No
Complexity: HIGH

Requires Mozilla signing key and specific MAR file manipulation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firefox 80

Vendor Advisory: https://www.mozilla.org/security/advisories/mfsa2020-36/

Restart Required: Yes

Instructions:

1. Open Firefox.
2. Click menu → Help → About Firefox.
3. Allow the automatic update to version 80 or higher.
4. Restart Firefox when prompted.

🔧 Temporary Workarounds

Disable MAR updates (applies to: all platforms)

Effect: Prevents processing of MAR update files entirely.

How: Set app.update.marEnabled to false in about:config.

🧯 If You Can't Patch

  • Disable MAR updates via about:config
  • Restrict Firefox from downloading/processing external MAR files

🔍 How to Verify

Check if Vulnerable:

Check the Firefox version via about:support or Help → About Firefox. If the version is less than 80, the system is vulnerable.

Check Version:

firefox --version

Verify Fix Applied:

Confirm Firefox version is 80 or higher via about:support.
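An added check, not part of this advisory card: a POSIX shell function that applies the rule above (major version below 80 means vulnerable) to the output of `firefox --version`, so it can be dropped into an inventory script. The function names are my own; the check follows the card's "< 80" rule and does not special-case ESR builds, so consult the vendor advisory for that branch.

```shell
#!/bin/sh
# Added example (not from the advisory): classify a Firefox version string
# against the CVE-2020-15667 fix threshold (Firefox 80).

# Extract the major version from "firefox --version" output such as
# "Mozilla Firefox 79.0" or "Mozilla Firefox 80.0.1".
# Prints the major number; returns 1 if no version can be found.
firefox_major_version() {
    major=$(printf '%s\n' "$1" | sed -n 's/.*Firefox \([0-9][0-9]*\).*/\1/p')
    [ -n "$major" ] || return 1
    printf '%s\n' "$major"
}

# Returns 0 (true) when the version is below the fixed release (80),
# 1 when it is 80 or higher, and 2 when the string cannot be parsed.
# Treats ESR builds by major number only, exactly as the card's rule does.
firefox_vulnerable_to_cve_2020_15667() {
    major=$(firefox_major_version "$1") || return 2
    [ "$major" -lt 80 ]
}

# Example run against the locally installed binary, if one is present.
if command -v firefox >/dev/null 2>&1; then
    ver=$(firefox --version 2>/dev/null)
    if firefox_vulnerable_to_cve_2020_15667 "$ver"; then
        echo "VULNERABLE: $ver (update to Firefox 80 or later)"
    else
        echo "OK: $ver"
    fi
fi
```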

📡 Detection & Monitoring

Log Indicators:

  • Failed MAR update attempts
  • Firefox crash reports with memory corruption signatures

Network Indicators:

  • Downloads of MAR files from unusual sources

SIEM Query:

source="firefox.log" AND ("MAR" OR "update" OR "heap overflow")
