Vulnerability CVE-2020-6814: Information

Description

Mozilla developers reported memory safety bugs present in Firefox and Thunderbird 68.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6.

Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2020-6814

Published: March 26, 2020

Modified: April 18, 2022

Error type identifier: CWE-787

Fixed packages

Package name	Branch	Fixed in version	Version from repository	Errata ID	Task #	State
firefox	sisyphus	74.0-alt1	126.0.1-alt1	ALT-PU-2020-1486-1	247871	Fixed
firefox	p10	74.0-alt1	118.0.2-alt0.p10.1	ALT-PU-2020-1486-1	247871	Fixed
firefox	p9	80.0.1-alt0.1.p9	105.0.1-alt0.c9.1	ALT-PU-2020-3442-1	262506	Fixed
firefox	c10f1	74.0-alt1	112.0.2-alt0.p10.1	ALT-PU-2020-1486-1	247871	Fixed
firefox	c9f2	93.0-alt0.p9.1	105.0.1-alt0.c9.1	ALT-PU-2021-3368-1	288792	Fixed
firefox	p11	74.0-alt1	126.0.1-alt1	ALT-PU-2020-1486-1	247871	Fixed
firefox-esr	sisyphus	68.6.0-alt1	115.11.0-alt1	ALT-PU-2020-1461-1	247676	Fixed
firefox-esr	p10	68.6.0-alt1	115.11.0-alt1	ALT-PU-2020-1461-1	247676	Fixed
firefox-esr	p9	68.6.0-alt1	102.11.0-alt0.c9.1	ALT-PU-2020-1493-1	247748	Fixed
firefox-esr	c10f1	68.6.0-alt1	115.9.1-alt0.c10.1	ALT-PU-2020-1461-1	247676	Fixed
firefox-esr	c9f2	78.7.1-alt0.1.c9	102.12.0-alt0.c9.1	ALT-PU-2021-1368-1	264611	Fixed
firefox-esr	p11	68.6.0-alt1	115.11.0-alt1	ALT-PU-2020-1461-1	247676	Fixed
thunderbird	sisyphus	68.6.0-alt1	115.9.0-alt1	ALT-PU-2020-1485-1	247831	Fixed
thunderbird	p10	68.6.0-alt1	115.9.0-alt1	ALT-PU-2020-1485-1	247831	Fixed
thunderbird	p9	68.6.0-alt1	102.11.0-alt0.c9.1	ALT-PU-2020-1515-1	245787	Fixed
thunderbird	c10f1	68.6.0-alt1	115.9.0-alt0.c10.1	ALT-PU-2020-1485-1	247831	Fixed
thunderbird	c9f2	68.6.0-alt1	102.11.0-alt0.c9.1	ALT-PU-2020-1515-1	245787	Fixed
thunderbird	p11	68.6.0-alt1	115.9.0-alt1	ALT-PU-2020-1485-1	247831	Fixed

References to Advisories, Solutions, and Tools

Hyperlink	Resource
https://www.mozilla.org/security/advisories/mfsa2020-10/	Vendor Advisory
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1592078%2C1604847%2C1608256%2C1612636%2C1614339	Issue Tracking Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2020-08/	Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2020-09/	Vendor Advisory
USN-4328-1	Third Party Advisory
USN-4335-1	Third Party Advisory

Affected configurations:
1. Configuration 1
  cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
  End excliding
  68.6.0
  cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
  End excliding
  68.6.0
  cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
  End excliding
  74.0
  
  Configuration 2
  cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
  cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*
  cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*

Version: v24.5.3

Vulnerability CVE-2020-6814: Information

Description

Fixed packages

References to Advisories, Solutions, and Tools

Configuration 1

Configuration 2