CVE-2020-35114 – This CVE describes memory safety bugs in Firefo... (How to Fix)

Q: How do I fix CVE-2020-35114?

1. Open Firefox. 2. Click menu → Help → About Firefox. 3. Allow automatic update to Firefox 84 or later. 4. Restart Firefox when prompted.

Q: What is the severity of CVE-2020-35114?

CVE-2020-35114 has a CVSS score of 8.8 (HIGH). This CVE describes memory safety bugs in Firefox that could lead to memory corruption. With sufficient effort, attackers could potentially exploit these vulnerabilities to execute arbitrary code on affected systems. Users running Firefox versions below 84 are vulnerable.

📋 TL;DR

This CVE describes memory safety bugs in Firefox that could lead to memory corruption. With sufficient effort, attackers could potentially exploit these vulnerabilities to execute arbitrary code on affected systems. Users running Firefox versions below 84 are vulnerable.

💻 Affected Systems

Products:

Mozilla Firefox

Versions: All versions < 84

Operating Systems: Windows, macOS, Linux

Default Config Vulnerable: ⚠️ Yes

Notes: All standard Firefox installations are affected; no special configuration required.

📦 What is this software?

Firefox by Mozilla

View all CVEs affecting Firefox →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete system compromise, data theft, or ransomware deployment.

🟠

Likely Case

Browser crashes or instability, with potential for limited code execution in browser context.

🟢

If Mitigated

Minimal impact if patched promptly; browser crashes may still occur but without code execution.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: HIGH

Memory corruption bugs require sophisticated exploitation techniques; no public exploits known.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firefox 84 and later

Vendor Advisory: https://www.mozilla.org/security/advisories/mfsa2020-54/

Restart Required: Yes

Instructions:

1. Open Firefox. 2. Click menu → Help → About Firefox. 3. Allow automatic update to Firefox 84 or later. 4. Restart Firefox when prompted.

🔧 Temporary Workarounds

Disable JavaScript

all

Reduces attack surface by disabling JavaScript execution

about:config → javascript.enabled = false

Use Enhanced Tracking Protection

all

Blocks known malicious scripts and trackers

Settings → Privacy & Security → Enhanced Tracking Protection → Strict

🧯 If You Can't Patch

Restrict Firefox to trusted websites only using network policies
Implement application whitelisting to prevent unauthorized code execution

🔍 How to Verify

Check if Vulnerable:

Check Firefox version in About Firefox dialog; versions below 84 are vulnerable.

Check Version:

firefox --version

Verify Fix Applied:

Confirm Firefox version is 84 or higher in About Firefox dialog.

📡 Detection & Monitoring

Log Indicators:

Firefox crash reports
Unexpected process termination events

Network Indicators:

Unusual outbound connections from Firefox process

SIEM Query:

process_name="firefox.exe" AND (event_id=1000 OR event_id=1001)

📊 Metadata

CVE ID: CVE-2020-35114

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE: CWE-787

Published: January 7, 2021

Last Updated: November 21, 2024

🔗 References

https://bugzilla.mozilla.org/buglist.cgi?bug_id=1607449%2C1640416%2C1656459%2C1669914%2C1673567 Exploit,Issue Tracking,Patch,Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2020-54/ Vendor Advisory
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1607449%2C1640416%2C1656459%2C1669914%2C1673567 Exploit,Issue Tracking,Patch,Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2020-54/ Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2020-35114, you might also want to check these: