CVE-2020-6814

critical
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Mozilla developers reported memory safety bugs present in Firefox and Thunderbird 68.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6.

References

https://www.mozilla.org/security/advisories/mfsa2020-10/

https://bugzilla.mozilla.org/buglist.cgi?bug_id=1592078%2C1604847%2C1608256%2C1612636%2C1614339

https://www.mozilla.org/security/advisories/mfsa2020-08/

https://www.mozilla.org/security/advisories/mfsa2020-09/

https://usn.ubuntu.com/4328-1/

https://usn.ubuntu.com/4335-1/

Details

Source: MITRE

Published: 2020-03-25

Updated: 2021-07-21

Type: CWE-119

Risk Information

CVSS v2

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

CVSS v3

Base Score: 9.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 3.9

Severity: CRITICAL

Tenable Plugins

View all (50 total)

IDNameProductFamilySeverity
150547SUSE SLES11 Security Update : MozillaFirefox (SUSE-SU-2020:14312-1)NessusSuSE Local Security Checks
critical
147407NewStart CGSL MAIN 4.06 : firefox Multiple Vulnerabilities (NS-SA-2021-0004)NessusNewStart CGSL Local Security Checks
critical
147312NewStart CGSL MAIN 4.06 : thunderbird Multiple Vulnerabilities (NS-SA-2021-0002)NessusNewStart CGSL Local Security Checks
critical
145948CentOS 8 : thunderbird (CESA-2020:0919)NessusCentOS Local Security Checks
critical
145866CentOS 8 : firefox (CESA-2020:0820)NessusCentOS Local Security Checks
critical
143979NewStart CGSL CORE 5.05 / MAIN 5.05 : thunderbird Multiple Vulnerabilities (NS-SA-2020-0093)NessusNewStart CGSL Local Security Checks
critical
143948NewStart CGSL CORE 5.05 / MAIN 5.05 : firefox Multiple Vulnerabilities (NS-SA-2020-0097)NessusNewStart CGSL Local Security Checks
critical
141402NewStart CGSL CORE 5.04 / MAIN 5.04 : thunderbird Multiple Vulnerabilities (NS-SA-2020-0042)NessusNewStart CGSL Local Security Checks
critical
140292NewStart CGSL CORE 5.04 / MAIN 5.04 : firefox Multiple Vulnerabilities (NS-SA-2020-0039)NessusNewStart CGSL Local Security Checks
critical
140291NewStart CGSL MAIN 4.05 : thunderbird Multiple Vulnerabilities (NS-SA-2020-0046)NessusNewStart CGSL Local Security Checks
critical
140283NewStart CGSL MAIN 4.05 : firefox Multiple Vulnerabilities (NS-SA-2020-0047)NessusNewStart CGSL Local Security Checks
critical
135932Amazon Linux 2 : thunderbird (ALAS-2020-1414)NessusAmazon Linux Local Security Checks
critical
135896Ubuntu 16.04 LTS : Thunderbird vulnerabilities (USN-4335-1)NessusUbuntu Local Security Checks
critical
135455Ubuntu 18.04 LTS / 19.10 : Thunderbird vulnerabilities (USN-4328-1)NessusUbuntu Local Security Checks
critical
134914CentOS 6 : thunderbird (CESA-2020:0914)NessusCentOS Local Security Checks
critical
134911CentOS 7 : thunderbird (CESA-2020:0905)NessusCentOS Local Security Checks
critical
134901CentOS 6 : firefox (CESA-2020:0816)NessusCentOS Local Security Checks
critical
134900CentOS 7 : firefox (CESA-2020:0815)NessusCentOS Local Security Checks
critical
134886Oracle Linux 8 : thunderbird (ELSA-2020-0919)NessusOracle Linux Local Security Checks
critical
134869RHEL 6 : thunderbird (RHSA-2020:0914)NessusRed Hat Local Security Checks
critical
134868RHEL 8 : thunderbird (RHSA-2020:0918)NessusRed Hat Local Security Checks
critical
134867RHEL 8 : thunderbird (RHSA-2020:0919)NessusRed Hat Local Security Checks
critical
134848Scientific Linux Security Update : thunderbird on SL6.x i386/x86_64 (20200323)NessusScientific Linux Local Security Checks
critical
134838RHEL 8 : firefox (RHSA-2020:0819)NessusRed Hat Local Security Checks
critical
134831RHEL 7 : thunderbird (RHSA-2020:0905)NessusRed Hat Local Security Checks
critical
134823openSUSE Security Update : MozillaThunderbird (openSUSE-2020-366)NessusSuSE Local Security Checks
critical
134772Debian DSA-4642-1 : thunderbird - security updateNessusDebian Local Security Checks
critical
134767Debian DLA-2150-1 : thunderbird security updateNessusDebian Local Security Checks
critical
134756SUSE SLES12 Security Update : MozillaFirefox (SUSE-SU-2020:0717-1)NessusSuSE Local Security Checks
critical
134754Scientific Linux Security Update : thunderbird on SL7.x x86_64 (20200319)NessusScientific Linux Local Security Checks
critical
134753Oracle Linux 7 : thunderbird (ELSA-2020-0905)NessusOracle Linux Local Security Checks
critical
134667RHEL 8 : firefox (RHSA-2020:0820)NessusRed Hat Local Security Checks
critical
134666RHEL 6 : firefox (RHSA-2020:0816)NessusRed Hat Local Security Checks
critical
134665RHEL 7 : firefox (RHSA-2020:0815)NessusRed Hat Local Security Checks
critical
134647Scientific Linux Security Update : firefox on SL7.x x86_64 (20200316)NessusScientific Linux Local Security Checks
critical
134646Scientific Linux Security Update : firefox on SL6.x i386/x86_64 (20200316)NessusScientific Linux Local Security Checks
critical
134644Oracle Linux 7 : firefox (ELSA-2020-0815)NessusOracle Linux Local Security Checks
critical
134623SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2020:0686-1)NessusSuSE Local Security Checks
critical
134617openSUSE Security Update : MozillaFirefox (openSUSE-2020-340)NessusSuSE Local Security Checks
critical
134616Slackware 14.2 / current : mozilla-thunderbird (SSA:2020-073-01)NessusSlackware Local Security Checks
critical
134587GLSA-202003-10 : Mozilla Thunderbird: Multiple vulnerabilitiesNessusGentoo Local Security Checks
critical
134469GLSA-202003-02 : Mozilla Firefox: Multiple vulnerabilitiesNessusGentoo Local Security Checks
critical
134442Ubuntu 16.04 LTS / 18.04 LTS / 19.10 : Firefox vulnerabilities (USN-4299-1)NessusUbuntu Local Security Checks
critical
134434Debian DSA-4639-1 : firefox-esr - security updateNessusDebian Local Security Checks
critical
134432Debian DLA-2140-1 : firefox-esr security updateNessusDebian Local Security Checks
critical
134407Mozilla Firefox ESR < 68.6 Multiple VulnerabilitiesNessusWindows
critical
134406Mozilla Firefox ESR < 68.6 Multiple VulnerabilitiesNessusMacOS X Local Security Checks
critical
134405Mozilla Firefox < 74.0 Multiple VulnerabilitiesNessusWindows
critical
134404Mozilla Firefox < 74.0 Multiple VulnerabilitiesNessusMacOS X Local Security Checks
critical
134396Slackware 14.2 / current : mozilla-firefox (SSA:2020-070-01)NessusSlackware Local Security Checks
critical