CVE-2020-6819
CVSS v3.1
8.1 (High)
CVSS v2.0
6.8 (Medium)
EPSS
3.37 % (92th)
Affected Products
3
Advisories
32
Under certain conditions, when running the nsDocShell destructor, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Thunderbird < 68.7.0, Firefox < 74.0.1, and Firefox ESR < 68.6.1.
Weaknesses
- CVE Status
- PUBLISHED
- CNA
- Mozilla Corporation
- Published Date
-
2020-04-24 16:15:13
(4 years ago) - Updated Date
-
2024-02-02 16:44:00
(7 months ago)
Mozilla Firefox And Thunderbird Use-After-Free Vulnerability (CISA - Known Exploited Vulnerabilities Catalog)
- Description
- Mozilla Firefox and Thunderbird contain a race condition vulnerability when running the nsDocShell destructor under certain conditions. The race condition creates a use-after-free vulnerability, causing unspecified impacts.
- Required Action
- Apply updates per vendor instructions.
- Known to be Used in Ransomware Campaigns
- Unknown
- Notes
- https://nvd.nist.gov/vuln/detail/CVE-2020-6819
- Vendor
- Mozilla
- Product
- Firefox and Thunderbird
- In CISA Catalog from
-
2021-11-03
(2 years ago) - Due Date
-
2022-05-03
(2 years ago)
Affected Products
Loading...
Loading...
Loading...
Configuration #1
|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...