CVE-2020-6796 — Out-of-bounds Write in Mozilla Firefox

CWE-787 — Out-of-bounds Write11 documents9 sources

Severity

8.8HIGHNVD

EPSS

0.9%

top 24.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Firefox ESR

Timeline

PublishedMar 2

Latest updateMay 24

Description

A content process could have modified shared memory relating to crash reporting information, crash itself, and cause an out-of-bound write. This could have caused memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 73 and Firefox < ESR68.5.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

▶CVEListV5mozilla/firefoxunspecified — 73+1

▶NVDmozilla/firefox< 73.0

▶NVDmozilla/firefox_esr< 68.5.0

🔴Vulnerability Details

GHSA

GHSA-mx5h-crf7-xxv9: A content process could have modified shared memory relating to crash reporting information, crash itself, and cause an out-of-bound write↗2022-05-24

▶

CVEList

CVE-2020-6796: A content process could have modified shared memory relating to crash reporting information, crash itself, and cause an out-of-bound write↗2020-03-02

▶

OSV

CVE-2020-6796: A content process could have modified shared memory relating to crash reporting information, crash itself, and cause an out-of-bound write↗2020-03-02

▶

📋Vendor Advisories

Ubuntu

Firefox vulnerabilities↗2020-02-26

▶

Ubuntu

Firefox vulnerabilities↗2020-02-13

▶

Red Hat

Mozilla: Missing bounds check on shared memory read in the parent process↗2020-02-11

▶

Debian

CVE-2020-6796: firefox - A content process could have modified shared memory relating to crash reporting ...↗2020

▶

Mozilla

Mozilla Foundation Security Advisory 2020-06: CVE-2020-6796↗

▶

💬Community

Bugzilla

CVE-2020-6796 Mozilla: Missing bounds check on shared memory read in the parent process↗2020-02-11

▶