PT-2020-6750 · Mozilla+5 · Firefox+7
Deian Stefan
·
Published
2019-12-03
·
Updated
2024-12-12
·
CVE-2020-6822
CVSS v2.0
10
High
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Thunderbird versions prior to 68.7.0
Firefox ESR versions prior to 68.7
Firefox versions prior to 75
Description
The issue is related to an out of bounds write that could occur when processing an image larger than 4 GB in
GMPDecodeData. This could potentially be exploited to run arbitrary code. The vulnerability is associated with a buffer overflow in memory, which may allow a remote attacker to execute arbitrary code using a specially crafted image.Recommendations
For Thunderbird versions prior to 68.7.0, update to version 68.7.0 or later.
For Firefox ESR versions prior to 68.7, update to version 68.7 or later.
For Firefox versions prior to 75, update to version 75 or later.
Exploit
Fix
Buffer Overflow
Incorrect Default Permissions
Memory Corruption
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Alt Linux
Centos
Firefox
Firefox Esr
Red Hat
Suse
Thunderbird
Ubuntu