CVE-2020-6800

MEDIUM

Description

Mozilla developers and community members reported memory safety bugs present in Firefox 72 and Firefox ESR 68.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. In general, these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts. This vulnerability affects Thunderbird < 68.5, Firefox < 73, and Firefox < ESR68.5.

References

https://bugzilla.mozilla.org/buglist.cgi?bug_id=1595786%2C1596706%2C1598543%2C1604851%2C1608580%2C1608785%2C1605777

https://security.gentoo.org/glsa/202003-02

https://security.gentoo.org/glsa/202003-10

https://usn.ubuntu.com/4278-2/

https://www.mozilla.org/security/advisories/mfsa2020-05/

https://www.mozilla.org/security/advisories/mfsa2020-06/

https://www.mozilla.org/security/advisories/mfsa2020-07/

Details

Source: MITRE

Published: 2020-03-02

Updated: 2020-03-12

Type: CWE-119

Risk Information

CVSS v2.0

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3.0

Base Score: 8.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 2.8

Severity: HIGH

Tenable Plugins

View all (46 total)

ID	Name	Product	Family	Severity
143979	NewStart CGSL CORE 5.05 / MAIN 5.05 : thunderbird Multiple Vulnerabilities (NS-SA-2020-0093)	Nessus	NewStart CGSL Local Security Checks	critical
143948	NewStart CGSL CORE 5.05 / MAIN 5.05 : firefox Multiple Vulnerabilities (NS-SA-2020-0097)	Nessus	NewStart CGSL Local Security Checks	critical
140291	NewStart CGSL MAIN 4.05 : thunderbird Multiple Vulnerabilities (NS-SA-2020-0046)	Nessus	NewStart CGSL Local Security Checks	high
140283	NewStart CGSL MAIN 4.05 : firefox Multiple Vulnerabilities (NS-SA-2020-0047)	Nessus	NewStart CGSL Local Security Checks	high
136909	NewStart CGSL CORE 5.04 / MAIN 5.04 : thunderbird Multiple Vulnerabilities (NS-SA-2020-0025)	Nessus	NewStart CGSL Local Security Checks	medium
136906	NewStart CGSL CORE 5.04 / MAIN 5.04 : firefox Multiple Vulnerabilities (NS-SA-2020-0026)	Nessus	NewStart CGSL Local Security Checks	medium
135896	Ubuntu 16.04 LTS : Thunderbird vulnerabilities (USN-4335-1)	Nessus	Ubuntu Local Security Checks	high
135455	Ubuntu 18.04 LTS / 19.10 : Thunderbird vulnerabilities (USN-4328-1)	Nessus	Ubuntu Local Security Checks	high
134899	Amazon Linux 2 : thunderbird (ALAS-2020-1408)	Nessus	Amazon Linux Local Security Checks	medium
134587	GLSA-202003-10 : Mozilla Thunderbird: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
134469	GLSA-202003-02 : Mozilla Firefox: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
134090	CentOS 7 : thunderbird (CESA-2020:0576)	Nessus	CentOS Local Security Checks	medium
134089	CentOS 6 : thunderbird (CESA-2020:0574)	Nessus	CentOS Local Security Checks	medium
134072	Scientific Linux Security Update : thunderbird on SL7.x x86_64 (20200224)	Nessus	Scientific Linux Local Security Checks	medium
134071	Scientific Linux Security Update : thunderbird on SL6.x i386/x86_64 (20200224)	Nessus	Scientific Linux Local Security Checks	medium
134032	RHEL 8 : thunderbird (RHSA-2020:0577)	Nessus	Red Hat Local Security Checks	medium
134031	RHEL 7 : thunderbird (RHSA-2020:0576)	Nessus	Red Hat Local Security Checks	medium
134029	RHEL 6 : thunderbird (RHSA-2020:0574)	Nessus	Red Hat Local Security Checks	medium
134021	Oracle Linux 7 : thunderbird (ELSA-2020-0576)	Nessus	Oracle Linux Local Security Checks	medium
133943	RHEL 8 : thunderbird (RHSA-2020:0565)	Nessus	Red Hat Local Security Checks	medium
133849	Mozilla Firefox ESR < 68.5 Multiple Vulnerabilities	Nessus	MacOS X Local Security Checks	medium
133769	CentOS 6 : firefox (CESA-2020:0521)	Nessus	CentOS Local Security Checks	medium
133768	CentOS 7 : firefox (CESA-2020:0520)	Nessus	CentOS Local Security Checks	medium
133762	SUSE SLED12 / SLES12 Security Update : MozillaFirefox (SUSE-SU-2020:0384-1)	Nessus	SuSE Local Security Checks	medium
133761	SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2020:0383-1)	Nessus	SuSE Local Security Checks	medium
133760	openSUSE Security Update : MozillaThunderbird (openSUSE-2020-231)	Nessus	SuSE Local Security Checks	medium
133759	openSUSE Security Update : MozillaFirefox (openSUSE-2020-230)	Nessus	SuSE Local Security Checks	medium
133755	Scientific Linux Security Update : firefox on SL7.x x86_64 (20200217)	Nessus	Scientific Linux Local Security Checks	medium
133754	Scientific Linux Security Update : firefox on SL6.x i386/x86_64 (20200217)	Nessus	Scientific Linux Local Security Checks	medium
133753	RHEL 6 : firefox (RHSA-2020:0521)	Nessus	Red Hat Local Security Checks	medium
133752	RHEL 7 : firefox (RHSA-2020:0520)	Nessus	Red Hat Local Security Checks	medium
133751	RHEL 8 : firefox (RHSA-2020:0519)	Nessus	Red Hat Local Security Checks	medium
133747	RHEL 8 : firefox (RHSA-2020:0512)	Nessus	Red Hat Local Security Checks	medium
133745	Oracle Linux 7 : firefox (ELSA-2020-0520)	Nessus	Oracle Linux Local Security Checks	medium
133732	Debian DSA-4625-1 : thunderbird - security update	Nessus	Debian Local Security Checks	medium
133728	Debian DLA-2104-1 : thunderbird security update	Nessus	Debian Local Security Checks	medium
133715	Ubuntu 18.04 LTS / 19.10 : Firefox vulnerabilities (USN-4278-1)	Nessus	Ubuntu Local Security Checks	medium
133697	Debian DLA-2102-1 : firefox-esr security update	Nessus	Debian Local Security Checks	medium
133693	Mozilla Firefox < 73.0	Nessus	Windows	medium
133692	Mozilla Firefox < 73.0	Nessus	MacOS X Local Security Checks	medium
133691	Mozilla Thunderbird < 68.5	Nessus	Windows	medium
133690	Mozilla Thunderbird < 68.5	Nessus	MacOS X Local Security Checks	medium
133677	Mozilla Firefox ESR < 68.5 Multiple Vulnerabilities	Nessus	Windows	medium
133657	Debian DSA-4620-1 : firefox-esr - security update	Nessus	Debian Local Security Checks	medium
133643	Slackware 14.2 / current : mozilla-thunderbird (SSA:2020-042-02)	Nessus	Slackware Local Security Checks	medium
133642	Slackware 14.2 / current : mozilla-firefox (SSA:2020-042-01)	Nessus	Slackware Local Security Checks	medium