CVE-2020-6814

HIGH

Description

Mozilla developers reported memory safety bugs present in Firefox and Thunderbird 68.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6.

References

https://bugzilla.mozilla.org/buglist.cgi?bug_id=1592078%2C1604847%2C1608256%2C1612636%2C1614339

https://usn.ubuntu.com/4328-1/

https://usn.ubuntu.com/4335-1/

https://www.mozilla.org/security/advisories/mfsa2020-08/

https://www.mozilla.org/security/advisories/mfsa2020-09/

https://www.mozilla.org/security/advisories/mfsa2020-10/

Details

Source: MITRE

Published: 2020-03-25

Updated: 2020-04-22

Type: CWE-119

Risk Information

CVSS v2.0

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

CVSS v3.0

Base Score: 9.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 3.9

Severity: CRITICAL

Tenable Plugins

View all (49 total)

IDNameProductFamilySeverity
147407NewStart CGSL MAIN 4.06 : firefox Multiple Vulnerabilities (NS-SA-2021-0004)NessusNewStart CGSL Local Security Checks
critical
147312NewStart CGSL MAIN 4.06 : thunderbird Multiple Vulnerabilities (NS-SA-2021-0002)NessusNewStart CGSL Local Security Checks
critical
145948CentOS 8 : thunderbird (CESA-2020:0919)NessusCentOS Local Security Checks
high
145866CentOS 8 : firefox (CESA-2020:0820)NessusCentOS Local Security Checks
high
143979NewStart CGSL CORE 5.05 / MAIN 5.05 : thunderbird Multiple Vulnerabilities (NS-SA-2020-0093)NessusNewStart CGSL Local Security Checks
critical
143948NewStart CGSL CORE 5.05 / MAIN 5.05 : firefox Multiple Vulnerabilities (NS-SA-2020-0097)NessusNewStart CGSL Local Security Checks
critical
141402NewStart CGSL CORE 5.04 / MAIN 5.04 : thunderbird Multiple Vulnerabilities (NS-SA-2020-0042)NessusNewStart CGSL Local Security Checks
high
140292NewStart CGSL CORE 5.04 / MAIN 5.04 : firefox Multiple Vulnerabilities (NS-SA-2020-0039)NessusNewStart CGSL Local Security Checks
high
140291NewStart CGSL MAIN 4.05 : thunderbird Multiple Vulnerabilities (NS-SA-2020-0046)NessusNewStart CGSL Local Security Checks
high
140283NewStart CGSL MAIN 4.05 : firefox Multiple Vulnerabilities (NS-SA-2020-0047)NessusNewStart CGSL Local Security Checks
high
135932Amazon Linux 2 : thunderbird (ALAS-2020-1414)NessusAmazon Linux Local Security Checks
high
135896Ubuntu 16.04 LTS : Thunderbird vulnerabilities (USN-4335-1)NessusUbuntu Local Security Checks
high
135455Ubuntu 18.04 LTS / 19.10 : Thunderbird vulnerabilities (USN-4328-1)NessusUbuntu Local Security Checks
high
134914CentOS 6 : thunderbird (CESA-2020:0914)NessusCentOS Local Security Checks
high
134911CentOS 7 : thunderbird (CESA-2020:0905)NessusCentOS Local Security Checks
high
134901CentOS 6 : firefox (CESA-2020:0816)NessusCentOS Local Security Checks
high
134900CentOS 7 : firefox (CESA-2020:0815)NessusCentOS Local Security Checks
high
134886Oracle Linux 8 : thunderbird (ELSA-2020-0919)NessusOracle Linux Local Security Checks
high
134869RHEL 6 : thunderbird (RHSA-2020:0914)NessusRed Hat Local Security Checks
high
134868RHEL 8 : thunderbird (RHSA-2020:0918)NessusRed Hat Local Security Checks
high
134867RHEL 8 : thunderbird (RHSA-2020:0919)NessusRed Hat Local Security Checks
high
134848Scientific Linux Security Update : thunderbird on SL6.x i386/x86_64 (20200323)NessusScientific Linux Local Security Checks
high
134838RHEL 8 : firefox (RHSA-2020:0819)NessusRed Hat Local Security Checks
high
134831RHEL 7 : thunderbird (RHSA-2020:0905)NessusRed Hat Local Security Checks
high
134823openSUSE Security Update : MozillaThunderbird (openSUSE-2020-366)NessusSuSE Local Security Checks
high
134772Debian DSA-4642-1 : thunderbird - security updateNessusDebian Local Security Checks
high
134767Debian DLA-2150-1 : thunderbird security updateNessusDebian Local Security Checks
high
134756SUSE SLES12 Security Update : MozillaFirefox (SUSE-SU-2020:0717-1)NessusSuSE Local Security Checks
high
134754Scientific Linux Security Update : thunderbird on SL7.x x86_64 (20200319)NessusScientific Linux Local Security Checks
high
134753Oracle Linux 7 : thunderbird (ELSA-2020-0905)NessusOracle Linux Local Security Checks
high
134667RHEL 8 : firefox (RHSA-2020:0820)NessusRed Hat Local Security Checks
high
134666RHEL 6 : firefox (RHSA-2020:0816)NessusRed Hat Local Security Checks
high
134665RHEL 7 : firefox (RHSA-2020:0815)NessusRed Hat Local Security Checks
high
134647Scientific Linux Security Update : firefox on SL7.x x86_64 (20200316)NessusScientific Linux Local Security Checks
high
134646Scientific Linux Security Update : firefox on SL6.x i386/x86_64 (20200316)NessusScientific Linux Local Security Checks
high
134644Oracle Linux 7 : firefox (ELSA-2020-0815)NessusOracle Linux Local Security Checks
high
134623SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2020:0686-1)NessusSuSE Local Security Checks
high
134617openSUSE Security Update : MozillaFirefox (openSUSE-2020-340)NessusSuSE Local Security Checks
high
134616Slackware 14.2 / current : mozilla-thunderbird (SSA:2020-073-01)NessusSlackware Local Security Checks
high
134587GLSA-202003-10 : Mozilla Thunderbird: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high
134469GLSA-202003-02 : Mozilla Firefox: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high
134442Ubuntu 16.04 LTS / 18.04 LTS / 19.10 : Firefox vulnerabilities (USN-4299-1)NessusUbuntu Local Security Checks
high
134434Debian DSA-4639-1 : firefox-esr - security updateNessusDebian Local Security Checks
high
134432Debian DLA-2140-1 : firefox-esr security updateNessusDebian Local Security Checks
high
134407Mozilla Firefox ESR < 68.6 Multiple VulnerabilitiesNessusWindows
high
134406Mozilla Firefox ESR < 68.6 Multiple VulnerabilitiesNessusMacOS X Local Security Checks
high
134405Mozilla Firefox < 74.0 Multiple VulnerabilitiesNessusWindows
high
134404Mozilla Firefox < 74.0 Multiple VulnerabilitiesNessusMacOS X Local Security Checks
high
134396Slackware 14.2 / current : mozilla-firefox (SSA:2020-070-01)NessusSlackware Local Security Checks
high