CVE-2020-6820

CVSS 8.1 HIGH | EPSS 6.3% | KEV | CWE-362

In short

A race condition in ReadableStream handling can cause Firefox or Thunderbird to crash or run malicious code when processing certain data. Attackers are already using this flaw to target users.

Technical detail

A race condition in ReadableStream processing allows use-after-free memory access under specific timing conditions. Exploitation requires a crafted input processed by the vulnerable component; successful exploitation can lead to arbitrary code execution or denial of service.

Summary generated and translated by AI from the official description.

Under certain conditions, when handling a ReadableStream, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Thunderbird < 68.7.0, Firefox < 74.0.1, and Firefox ESR < 68.6.1.

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H