CVE-2020-6825

HIGH

Description

Mozilla developers and community members Tyson Smith and Christian Holler reported memory safety bugs present in Firefox 74 and Firefox ESR 68.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.7.0, Firefox ESR < 68.7, and Firefox < 75.

References

https://bugzilla.mozilla.org/buglist.cgi?bug_id=1572541%2C1620193%2C1620203

https://usn.ubuntu.com/4335-1/

https://www.mozilla.org/security/advisories/mfsa2020-12/

https://www.mozilla.org/security/advisories/mfsa2020-13/

https://www.mozilla.org/security/advisories/mfsa2020-14/

Details

Source: MITRE

Published: 2020-04-24

Updated: 2020-05-01

Type: CWE-119

Risk Information

CVSS v2.0

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

CVSS v3.0

Base Score: 9.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 3.9

Severity: CRITICAL

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 147407 | NewStart CGSL MAIN 4.06 : firefox Multiple Vulnerabilities (NS-SA-2021-0004) | Nessus | NewStart CGSL Local Security Checks | critical |
| 147312 | NewStart CGSL MAIN 4.06 : thunderbird Multiple Vulnerabilities (NS-SA-2021-0002) | Nessus | NewStart CGSL Local Security Checks | critical |
| 145974 | CentOS 8 : firefox (CESA-2020:1406) | Nessus | CentOS Local Security Checks | high |
| 145858 | CentOS 8 : thunderbird (CESA-2020:1495) | Nessus | CentOS Local Security Checks | high |
| 143979 | NewStart CGSL CORE 5.05 / MAIN 5.05 : thunderbird Multiple Vulnerabilities (NS-SA-2020-0093) | Nessus | NewStart CGSL Local Security Checks | critical |
| 143948 | NewStart CGSL CORE 5.05 / MAIN 5.05 : firefox Multiple Vulnerabilities (NS-SA-2020-0097) | Nessus | NewStart CGSL Local Security Checks | critical |
| 143928 | NewStart CGSL CORE 5.04 / MAIN 5.04 : firefox Multiple Vulnerabilities (NS-SA-2020-0064) | Nessus | NewStart CGSL Local Security Checks | critical |
| 143912 | NewStart CGSL CORE 5.04 / MAIN 5.04 : thunderbird Multiple Vulnerabilities (NS-SA-2020-0074) | Nessus | NewStart CGSL Local Security Checks | critical |
| 138776 | NewStart CGSL MAIN 6.01 : thunderbird Multiple Vulnerabilities (NS-SA-2020-0036) | Nessus | NewStart CGSL Local Security Checks | critical |
| 137246 | RHEL 8 : firefox (RHSA-2020:1406) | Nessus | Red Hat Local Security Checks | high |
| 137245 | RHEL 8 : firefox (RHSA-2020:1404) | Nessus | Red Hat Local Security Checks | high |
| 136752 | Amazon Linux 2 : thunderbird (ALAS-2020-1429) | Nessus | Amazon Linux Local Security Checks | critical |
| 136194 | CentOS 7 : thunderbird (CESA-2020:1489) | Nessus | CentOS Local Security Checks | high |
| 136017 | CentOS 6 : thunderbird (CESA-2020:1488) | Nessus | CentOS Local Security Checks | high |
| 136016 | CentOS 6 : firefox (CESA-2020:1429) | Nessus | CentOS Local Security Checks | high |
| 136007 | openSUSE Security Update : MozillaThunderbird (openSUSE-2020-544) | Nessus | SuSE Local Security Checks | high |
| 135947 | GLSA-202004-11 : Mozilla Firefox: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 135896 | Ubuntu 16.04 LTS : Thunderbird vulnerabilities (USN-4335-1) | Nessus | Ubuntu Local Security Checks | high |
| 135845 | Scientific Linux Security Update : thunderbird on SL7.x x86_64 (20200416) | Nessus | Scientific Linux Local Security Checks | high |
| 135844 | Scientific Linux Security Update : firefox on SL7.x x86_64 (20200409) | Nessus | Scientific Linux Local Security Checks | high |
| 135747 | Oracle Linux 8 : thunderbird (ELSA-2020-1495) | Nessus | Oracle Linux Local Security Checks | high |
| 135716 | Scientific Linux Security Update : thunderbird on SL6.x i386/x86_64 (20200416) | Nessus | Scientific Linux Local Security Checks | high |
| 135715 | Oracle Linux 7 : thunderbird (ELSA-2020-1489) | Nessus | Oracle Linux Local Security Checks | high |
| 135692 | RHEL 8 : thunderbird (RHSA-2020:1495) | Nessus | Red Hat Local Security Checks | high |
| 135691 | RHEL 8 : thunderbird (RHSA-2020:1496) | Nessus | Red Hat Local Security Checks | high |
| 135687 | RHEL 6 : thunderbird (RHSA-2020:1488) | Nessus | Red Hat Local Security Checks | high |
| 135684 | RHEL 7 : thunderbird (RHSA-2020:1489) | Nessus | Red Hat Local Security Checks | high |
| 135578 | openSUSE Security Update : MozillaThunderbird (openSUSE-2020-520) | Nessus | SuSE Local Security Checks | high |
| 135575 | Scientific Linux Security Update : firefox on SL6.x i386/x86_64 (20200414) | Nessus | Scientific Linux Local Security Checks | high |
| 135495 | Debian DLA-2172-1 : thunderbird security update | Nessus | Debian Local Security Checks | high |
| 135455 | Ubuntu 18.04 LTS / 19.10 : Thunderbird vulnerabilities (USN-4328-1) | Nessus | Ubuntu Local Security Checks | high |
| 135446 | openSUSE Security Update : MozillaFirefox (openSUSE-2020-493) | Nessus | SuSE Local Security Checks | high |
| 135431 | Oracle Linux 7 : firefox (ELSA-2020-1420) | Nessus | Oracle Linux Local Security Checks | high |
| 135417 | Debian DSA-4656-1 : thunderbird - security update | Nessus | Debian Local Security Checks | high |
| 135415 | RHEL 6 : firefox (RHSA-2020:1429) | Nessus | Red Hat Local Security Checks | high |
| 135413 | Mozilla Thunderbird < 68.7.0 | Nessus | Windows | high |
| 135412 | Mozilla Thunderbird < 68.7.0 | Nessus | MacOS X Local Security Checks | high |
| 135397 | SUSE SLES12 Security Update : MozillaFirefox (SUSE-SU-2020:0978-1) | Nessus | SuSE Local Security Checks | high |
| 135396 | SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2020:0971-1) | Nessus | SuSE Local Security Checks | high |
| 135380 | Oracle Linux 8 : firefox (ELSA-2020-1406) | Nessus | Oracle Linux Local Security Checks | high |
| 135366 | Debian DSA-4655-1 : firefox-esr - security update | Nessus | Debian Local Security Checks | high |
| 135363 | Debian DLA-2170-1 : firefox-esr security update | Nessus | Debian Local Security Checks | high |
| 135288 | RHEL 7 : firefox (RHSA-2020:1420) | Nessus | Red Hat Local Security Checks | high |
| 135284 | Ubuntu 16.04 LTS / 18.04 LTS / 19.10 : firefox vulnerabilities (USN-4323-1) | Nessus | Ubuntu Local Security Checks | high |
| 135280 | Slackware 14.2 / current : mozilla-firefox (SSA:2020-098-01) | Nessus | Slackware Local Security Checks | high |
| 135276 | Mozilla Firefox < 75.0 (mfsa2020-12) | Nessus | Windows | high |
| 135275 | Mozilla Firefox < 75.0 Multiple Vulnerabilities (mfsa2020-12) | Nessus | MacOS X Local Security Checks | high |
| 135274 | Mozilla Firefox ESR < 68.7 Multiple Vulnerabilities (mfsa2020-13) | Nessus | Windows | high |
| 135273 | Mozilla Firefox ESR < 68.7 Multiple Vulnerabilities (mfsa2020-13) | Nessus | MacOS X Local Security Checks | high |