By carefully crafting promise resolutions, it was possible to cause an out-of-bounds read off the end of an array resized during script execution. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6.

CPENameOperatorVersion
ubuntu_linuxeq18.04
ubuntu_linuxeq19.10
ubuntu_linuxeq16.04
firefoxlt74.0
firefox_esrlt68.6.0
thunderbirdlt68.6.0

Name	Operator	Version
ubuntu_linux	eq	18.04
ubuntu_linux	eq	19.10
ubuntu_linux	eq	16.04
firefox	lt	74.0
firefox_esr	lt	68.6.0
thunderbird	lt	68.6.0

References

packetstormsecurity.com/files/157524/Firefox-js-ReadableStreamCloseInternal-Out-Of-Bounds-Access.html

bugzilla.mozilla.org/show_bug.cgi?id=1612308

usn.ubuntu.com/4328-1/

usn.ubuntu.com/4335-1/

www.mozilla.org/security/advisories/mfsa2020-08/

www.mozilla.org/security/advisories/mfsa2020-09/

www.mozilla.org/security/advisories/mfsa2020-10/

cve 1

redhatcve 1

veracode 1

checkpoint_advisories 1

alpinelinux 1

cvelist 1

ubuntucve 1

nvd 1

debiancve 1

ibm 2

oraclelinux 6

nessus 54

openvas 27

altlinux 2

centos 4

redhat 8

debian 4

suse 2

mageia 2

osv 4

amazon 1

mozilla 3

kaspersky 3

archlinux 2

slackware 2

ubuntu 3

gentoo 2

cve

CVE-2020-6806

2020-03-25 22:15:12

redhatcve

CVE-2020-6806

2020-03-10 21:40:49

veracode

Denial Of Service (DoS)

2020-03-18 00:55:39

checkpoint_advisories

Mozilla Firefox Memory Corruption (CVE-2020-6806)

2020-12-23 00:00:00

alpinelinux

CVE-2020-6806

2020-03-25 22:15:12

cvelist

CVE-2020-6806

2020-03-25 21:14:05

ubuntucve

CVE-2020-6806

2020-03-11 00:00:00

nvd

CVE-2020-6806

2020-03-25 22:15:12

debiancve

CVE-2020-6806

2020-03-25 22:15:12

ibm

Security Bulletin: Multiple vulnerabilities of Mozilla Firefox (less than Firefox 68.6.0 ESR) hava affected Synthetic Playback Agent 8.1.4.0-8.1.4 IF11 + ICAM2019.3.0 - 2020.1.0

2020-06-09 03:43:53

Security Bulletin: Multiple vulnerabilities in Mozilla Firefox affect IBM Cloud App Management

2022-07-21 13:27:42

oraclelinux

firefox security update

2020-03-16 00:00:00

thunderbird security update

2020-03-20 00:00:00

firefox security update

2020-03-17 00:00:00

nessus

Mozilla Firefox ESR < 68.6 Multiple Vulnerabilities

2020-03-11 00:00:00

RHEL 6 : firefox (RHSA-2020:0816)

2020-03-18 00:00:00

SUSE SLES12 Security Update : MozillaFirefox (SUSE-SU-2020:0717-1)

2020-03-20 00:00:00

openvas

CentOS: Security Advisory for thunderbird (CESA-2020:0905)

2020-03-26 00:00:00

SUSE: Security Advisory (SUSE-SU-2020:0686-1)

2021-06-09 00:00:00

Mozilla Firefox ESR Security Advisories (MFSA2020-08, MFSA2020-09) - Windows

2020-03-12 00:00:00

altlinux

Security fix for the ALT Linux 10 package firefox-esr version 68.6.0-alt1

2020-03-10 00:00:00

Security fix for the ALT Linux 10 package thunderbird version 68.6.0-alt1

2020-03-14 00:00:00

centos

firefox security update

2020-03-25 19:19:48

firefox security update

2020-03-25 19:17:41

thunderbird security update

2020-03-25 19:17:21

redhat

(RHSA-2020:0815) Important: firefox security update

2020-03-16 08:03:05

(RHSA-2020:0820) Important: firefox security update

2020-03-16 10:34:23

(RHSA-2020:0905) Important: thunderbird security update

2020-03-19 11:09:44

debian

[SECURITY] [DLA 2150-1] thunderbird security update

2020-03-20 10:00:10

[SECURITY] [DSA 4639-1] firefox-esr security update

2020-03-11 19:17:38

[SECURITY] [DLA 2140-1] firefox-esr security update

2020-03-11 21:34:36

suse

Security update for MozillaThunderbird (important)

2020-03-22 00:00:00

Security update for MozillaFirefox (important)

2020-03-14 00:00:00

mageia

Updated thunderbird packages fix security vulnerabilities

2020-03-14 11:35:35

Updated firefox packages fix security vulnerabilities

2020-03-14 11:35:35

osv

firefox-esr - security update

2020-03-11 00:00:00

firefox-esr - security update

2020-03-11 00:00:00

thunderbird - security update

2020-03-19 00:00:00

amazon

Important: thunderbird

2020-04-20 20:48:00

mozilla

Security Vulnerabilities fixed in Thunderbird 68.6 — Mozilla

2020-03-10 00:00:00

Security Vulnerabilities fixed in Firefox ESR 68.6 — Mozilla

2020-03-10 00:00:00

Security Vulnerabilities fixed in Firefox 74 — Mozilla

2020-03-10 00:00:00

kaspersky

KLA11701 Multiple vulnerabilities in Mozilla Thunderbird

2020-03-10 00:00:00

KLA11688 Multiple vulnerabilities in Mozilla Firefox ESR

2020-03-10 00:00:00

KLA11691 Multiple vulnerabilities in Mozilla Firefox

2020-02-12 00:00:00

archlinux

[ASA-202003-11] thunderbird: multiple issues

2020-03-16 00:00:00

[ASA-202003-8] firefox: multiple issues

2020-03-11 00:00:00

slackware

[slackware-security] mozilla-thunderbird

2020-03-13 21:47:41

[slackware-security] mozilla-firefox

2020-03-10 20:37:32

ubuntu

Firefox vulnerabilities

2020-03-11 00:00:00

Thunderbird vulnerabilities

2020-04-13 00:00:00

Thunderbird vulnerabilities

2020-04-21 00:00:00

gentoo

Mozilla Firefox: Multiple vulnerabilities

2020-03-12 00:00:00

Mozilla Thunderbird: Multiple vulnerabilities

2020-03-14 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

8.8 High

AI Score

Confidence

High

0.526 Medium

EPSS

Percentile

97.6%

JSON

Related for PRION:CVE-2020-6806