PT-2020-6273 · Mozilla+5 · Firefox+7

Sergei Glazunov

·

Published

2020-03-10

·

Updated

2024-12-12

·

CVE-2020-6806

CVSS v2.0

10

High

VectorAV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Thunderbird versions prior to 68.6 Firefox versions prior to 74 Firefox ESR versions prior to 68.6
Description The issue is related to an out-of-bounds read off the end of an array resized during script execution, potentially leading to memory corruption and a crash. This could be exploited by a remote attacker to execute arbitrary code. The vulnerability is associated with the BodyStream::OnInputStreamReady component in Mozilla browsers.
Recommendations For Thunderbird versions prior to 68.6, update to version 68.6 or later. For Firefox versions prior to 74, update to version 74 or later. For Firefox ESR versions prior to 68.6, update to version 68.6 or later.

Exploit

Fix

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

ALT-PU-2020-1461
ALT-PU-2020-1485
ALT-PU-2020-1486
ALT-PU-2020-1493
ALT-PU-2020-1515
ALT-PU-2020-2408
ALT-PU-2020-2933
ALT-PU-2020-3442
ALT-PU-2021-1368
ALT-PU-2021-3368
BDU:2021-03817
CESA-2020_0815
CESA-2020_0816
CESA-2020_0820
CESA-2020_0905
CESA-2020_0914
CESA-2020_0919
CVE-2020-6806
DLA-2140-1
DLA-2150-1
DSA-4639-1
DSA-4642-1
MGASA-2020-0141
MGASA-2020-0142
OPENSUSE-SU-2020:0340-1
OPENSUSE-SU-2020:0366-1
OPENSUSE-SU-2020_0340-1
OPENSUSE-SU-2020_0366-1
OPENSUSE-SU-2024:10600-1
OPENSUSE-SU-2024:10601-1
OPENSUSE-SU-2024:14572-1
RHSA-2020:0815
RHSA-2020:0816
RHSA-2020:0819
RHSA-2020:0820
RHSA-2020:0905
RHSA-2020:0914
RHSA-2020:0918
RHSA-2020:0919
RHSA-2020_0815
RHSA-2020_0816
RHSA-2020_0820
RHSA-2020_0905
RHSA-2020_0914
RHSA-2020_0919
SUSE-SU-2020:0686-1
SUSE-SU-2020:0717-1
SUSE-SU-2020:0721-1
SUSE-SU-2020:14312-1
USN-4299-1
USN-4328-1
USN-4335-1

Affected Products

Alt Linux
Centos
Firefox
Firefox Esr
Red Hat
Suse
Thunderbird
Ubuntu