CVE-2020-6814

HIGH

Description

Mozilla developers reported memory safety bugs present in Firefox and Thunderbird 68.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6.

References

https://bugzilla.mozilla.org/buglist.cgi?bug_id=1592078%2C1604847%2C1608256%2C1612636%2C1614339

https://usn.ubuntu.com/4328-1/

https://usn.ubuntu.com/4335-1/

https://www.mozilla.org/security/advisories/mfsa2020-08/

https://www.mozilla.org/security/advisories/mfsa2020-09/

https://www.mozilla.org/security/advisories/mfsa2020-10/

Details

Source: MITRE

Published: 2020-03-25

Updated: 2020-04-22

Type: CWE-119

Risk Information

CVSS v2.0

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

CVSS v3.0

Base Score: 9.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 3.9

Severity: CRITICAL

Tenable Plugins

View all (45 total)

ID	Name	Product	Family	Severity
143979	NewStart CGSL CORE 5.05 / MAIN 5.05 : thunderbird Multiple Vulnerabilities (NS-SA-2020-0093)	Nessus	NewStart CGSL Local Security Checks	critical
143948	NewStart CGSL CORE 5.05 / MAIN 5.05 : firefox Multiple Vulnerabilities (NS-SA-2020-0097)	Nessus	NewStart CGSL Local Security Checks	critical
141402	NewStart CGSL CORE 5.04 / MAIN 5.04 : thunderbird Multiple Vulnerabilities (NS-SA-2020-0042)	Nessus	NewStart CGSL Local Security Checks	high
140292	NewStart CGSL CORE 5.04 / MAIN 5.04 : firefox Multiple Vulnerabilities (NS-SA-2020-0039)	Nessus	NewStart CGSL Local Security Checks	high
140291	NewStart CGSL MAIN 4.05 : thunderbird Multiple Vulnerabilities (NS-SA-2020-0046)	Nessus	NewStart CGSL Local Security Checks	high
140283	NewStart CGSL MAIN 4.05 : firefox Multiple Vulnerabilities (NS-SA-2020-0047)	Nessus	NewStart CGSL Local Security Checks	high
135932	Amazon Linux 2 : thunderbird (ALAS-2020-1414)	Nessus	Amazon Linux Local Security Checks	high
135896	Ubuntu 16.04 LTS : Thunderbird vulnerabilities (USN-4335-1)	Nessus	Ubuntu Local Security Checks	high
135455	Ubuntu 18.04 LTS / 19.10 : Thunderbird vulnerabilities (USN-4328-1)	Nessus	Ubuntu Local Security Checks	high
134914	CentOS 6 : thunderbird (CESA-2020:0914)	Nessus	CentOS Local Security Checks	high
134911	CentOS 7 : thunderbird (CESA-2020:0905)	Nessus	CentOS Local Security Checks	high
134901	CentOS 6 : firefox (CESA-2020:0816)	Nessus	CentOS Local Security Checks	high
134900	CentOS 7 : firefox (CESA-2020:0815)	Nessus	CentOS Local Security Checks	high
134886	Oracle Linux 8 : thunderbird (ELSA-2020-0919)	Nessus	Oracle Linux Local Security Checks	high
134869	RHEL 6 : thunderbird (RHSA-2020:0914)	Nessus	Red Hat Local Security Checks	high
134868	RHEL 8 : thunderbird (RHSA-2020:0918)	Nessus	Red Hat Local Security Checks	high
134867	RHEL 8 : thunderbird (RHSA-2020:0919)	Nessus	Red Hat Local Security Checks	high
134848	Scientific Linux Security Update : thunderbird on SL6.x i386/x86_64 (20200323)	Nessus	Scientific Linux Local Security Checks	high
134838	RHEL 8 : firefox (RHSA-2020:0819)	Nessus	Red Hat Local Security Checks	high
134831	RHEL 7 : thunderbird (RHSA-2020:0905)	Nessus	Red Hat Local Security Checks	high
134823	openSUSE Security Update : MozillaThunderbird (openSUSE-2020-366)	Nessus	SuSE Local Security Checks	high
134772	Debian DSA-4642-1 : thunderbird - security update	Nessus	Debian Local Security Checks	high
134767	Debian DLA-2150-1 : thunderbird security update	Nessus	Debian Local Security Checks	high
134756	SUSE SLES12 Security Update : MozillaFirefox (SUSE-SU-2020:0717-1)	Nessus	SuSE Local Security Checks	high
134754	Scientific Linux Security Update : thunderbird on SL7.x x86_64 (20200319)	Nessus	Scientific Linux Local Security Checks	high
134753	Oracle Linux 7 : thunderbird (ELSA-2020-0905)	Nessus	Oracle Linux Local Security Checks	high
134667	RHEL 8 : firefox (RHSA-2020:0820)	Nessus	Red Hat Local Security Checks	high
134666	RHEL 6 : firefox (RHSA-2020:0816)	Nessus	Red Hat Local Security Checks	high
134665	RHEL 7 : firefox (RHSA-2020:0815)	Nessus	Red Hat Local Security Checks	high
134647	Scientific Linux Security Update : firefox on SL7.x x86_64 (20200316)	Nessus	Scientific Linux Local Security Checks	high
134646	Scientific Linux Security Update : firefox on SL6.x i386/x86_64 (20200316)	Nessus	Scientific Linux Local Security Checks	high
134644	Oracle Linux 7 : firefox (ELSA-2020-0815)	Nessus	Oracle Linux Local Security Checks	high
134623	SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2020:0686-1)	Nessus	SuSE Local Security Checks	high
134617	openSUSE Security Update : MozillaFirefox (openSUSE-2020-340)	Nessus	SuSE Local Security Checks	high
134616	Slackware 14.2 / current : mozilla-thunderbird (SSA:2020-073-01)	Nessus	Slackware Local Security Checks	high
134587	GLSA-202003-10 : Mozilla Thunderbird: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
134469	GLSA-202003-02 : Mozilla Firefox: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
134442	Ubuntu 16.04 LTS / 18.04 LTS / 19.10 : Firefox vulnerabilities (USN-4299-1)	Nessus	Ubuntu Local Security Checks	high
134434	Debian DSA-4639-1 : firefox-esr - security update	Nessus	Debian Local Security Checks	high
134432	Debian DLA-2140-1 : firefox-esr security update	Nessus	Debian Local Security Checks	high
134407	Mozilla Firefox ESR < 68.6 Multiple Vulnerabilities	Nessus	Windows	high
134406	Mozilla Firefox ESR < 68.6 Multiple Vulnerabilities	Nessus	MacOS X Local Security Checks	high
134405	Mozilla Firefox < 74.0 Multiple Vulnerabilities	Nessus	Windows	high
134404	Mozilla Firefox < 74.0 Multiple Vulnerabilities	Nessus	MacOS X Local Security Checks	high
134396	Slackware 14.2 / current : mozilla-firefox (SSA:2020-070-01)	Nessus	Slackware Local Security Checks	high