CVE-2020-6819 vulnerability in Mozilla Products
Published on April 24, 2020
Known Exploited Vulnerability
This Mozilla Firefox 74 and Firefox ESR 68.6 nsDocShell vulnerability is part of CISA's list of Known Exploited Vulnerabilities. A race condition can cause a use-after-free when running the nsDocShell destructor. This vulnerability affects Thunderbird < 68.7.0, Firefox < 74.0.1, and Firefox ESR < 68.6.1.
The following remediation steps are recommended / required by May 3, 2022: Apply updates per vendor instructions.
Vulnerability Analysis
CVE-2020-6819 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is consided to have a high level of attack complexity. It has an exploitability score of 2.2 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
What is a Race Condition Vulnerability?
The program contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.
CVE-2020-6819 has been classified to as a Race Condition vulnerability or weakness.
What is a Dangling pointer Vulnerability?
Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
CVE-2020-6819 has been classified to as a Dangling pointer vulnerability or weakness.
Products Associated with CVE-2020-6819
You can be notified by stack.watch whenever vulnerabilities like CVE-2020-6819 are published in these products:
What versions are vulnerable to CVE-2020-6819?
-
Mozilla Thunderbird
Fixed in Version 68.7.0
-
Mozilla Firefox
Fixed in Version 74.0.1
-
Mozilla FireFox Extended Support Release (ESR)
Fixed in Version 68.6.1