CVE-2020-6819


CVSS 8.1 HIGH | EPSS 3.0% | KEV | CWE-416

In short

Firefox and Thunderbird have a memory error that happens when the application closes certain internal objects. An attacker can exploit this timing flaw to crash the browser or potentially run malicious code.

Technical detail

A use-after-free vulnerability in the nsDocShell destructor occurs due to a race condition during object cleanup. Exploitation requires specific conditions to be met during browser shutdown; successful exploitation can lead to arbitrary code execution with user privileges.

Summary generated and translated by AI from the official description.

Under certain conditions, when running the nsDocShell destructor, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Thunderbird < 68.7.0, Firefox < 74.0.1, and Firefox ESR < 68.6.1.

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
