#VU48471 Resource management error in Mozilla Firefox

Published: 2020-11-17

Vulnerability identifier: #VU48471

Vulnerability risk: Low


CVE-ID: CVE-2020-26967


Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Mozilla Firefox
Client/Desktop applications / Web browsers

Vendor: Mozilla


The vulnerability allows a remote attacker to introduce an unexpected behavior.

The vulnerability exists due to improper management of internal resources within Mutation Observers. When listening for page changes with a Mutation Observer, a malicious web page could confuse Firefox Screenshots into interacting with elements other than those that it injected into the page. This would lead to internal errors and unexpected behavior in the Screenshots code.

Install updates from vendor's website.

Vulnerable software versions

Mozilla Firefox: 80.0 - 82.0.3


External links

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

Latest bulletins with this vulnerability