PT-2020-19235 · Mozilla+5 · Firefox+7

C.M.Chang

·

Published

2020-03-10

·

Updated

2024-12-12

·

CVE-2020-6807

CVSS v3.1

8.8

High

VectorAV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Thunderbird versions prior to 68.6 Firefox versions prior to 74 Firefox ESR versions prior to 68.6
Description The issue occurs when a device is changed while a stream is about to be destroyed, potentially leading to a use-after-free and a crash.
Recommendations For Thunderbird versions prior to 68.6, update to version 68.6 or later. For Firefox versions prior to 74, update to version 74 or later. For Firefox ESR versions prior to 68.6, update to version 68.6 or later.

Exploit

Fix

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALT-PU-2020-1461
ALT-PU-2020-1485
ALT-PU-2020-1486
ALT-PU-2020-1493
ALT-PU-2020-1515
ALT-PU-2020-2408
ALT-PU-2020-2933
ALT-PU-2020-3442
ALT-PU-2021-1368
ALT-PU-2021-3368
CESA-2020_0815
CESA-2020_0816
CESA-2020_0820
CESA-2020_0905
CESA-2020_0914
CESA-2020_0919
CVE-2020-6807
DLA-2140-1
DLA-2150-1
DSA-4639-1
DSA-4642-1
MGASA-2020-0141
MGASA-2020-0142
OPENSUSE-SU-2020:0340-1
OPENSUSE-SU-2020:0366-1
OPENSUSE-SU-2020_0340-1
OPENSUSE-SU-2020_0366-1
OPENSUSE-SU-2024:10600-1
OPENSUSE-SU-2024:10601-1
OPENSUSE-SU-2024:14572-1
RHSA-2020:0815
RHSA-2020:0816
RHSA-2020:0819
RHSA-2020:0820
RHSA-2020:0905
RHSA-2020:0914
RHSA-2020:0918
RHSA-2020:0919
RHSA-2020_0815
RHSA-2020_0816
RHSA-2020_0820
RHSA-2020_0905
RHSA-2020_0914
RHSA-2020_0919
SUSE-SU-2020:0686-1
SUSE-SU-2020:0717-1
SUSE-SU-2020:0721-1
SUSE-SU-2020:14312-1
USN-4299-1
USN-4328-1
USN-4335-1

Affected Products

Alt Linux
Centos
Firefox
Firefox Esr
Red Hat
Suse
Thunderbird
Ubuntu