CVE-2020-6814 — Out-of-bounds Write in Mozilla Firefox

Vendor	Product	Version range	Fixed in
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
debian	firefox	< firefox 74.0-1 (sid)	firefox 74.0-1 (sid)
debian	firefox-esr	< firefox 74.0-1 (sid)	firefox 74.0-1 (sid)
debian	thunderbird	< firefox 74.0-1 (sid)	firefox 74.0-1 (sid)
mozilla	firefox	< 74.0	74.0
mozilla	firefox	—	—
mozilla	firefox	>= 0 < 74.0+build3-0ubuntu0.16.04.1	74.0+build3-0ubuntu0.16.04.1
mozilla	firefox	>= 0 < 74.0+build3-0ubuntu0.18.04.1	74.0+build3-0ubuntu0.18.04.1
mozilla	firefox	>= unspecified < 74	74
mozilla	firefox	>= unspecified < ESR68.6	ESR68.6
mozilla	firefox_esr	< 68.6.0	68.6.0
mozilla	firefox_esr	>= unspecified < 68.6	68.6
mozilla	thunderbird	< 68.6.0	68.6.0
mozilla	thunderbird	>= 0 < 1:68.6.0-1	1:68.6.0-1
mozilla	thunderbird	>= 0 < 1:68.6.0-1	1:68.6.0-1
mozilla	thunderbird	>= 0 < 1:68.6.0-1	1:68.6.0-1
mozilla	thunderbird	>= 0 < 1:68.6.0-1	1:68.6.0-1
mozilla	thunderbird	>= 0 < 1:68.7.0+build1-0ubuntu0.16.04.2	1:68.7.0+build1-0ubuntu0.16.04.2
mozilla	thunderbird	>= 0 < 1:68.7.0+build1-0ubuntu0.18.04.1	1:68.7.0+build1-0ubuntu0.18.04.1
mozilla	thunderbird	>= unspecified < 68.6	68.6

GHSA

GHSA-36f2-2h7g-5h9g: Mozilla developers reported memory safety bugs present in Firefox and Thunderbird 68

ghsa_unreviewed·2022-05-24

CVE-2020-6814 [HIGH] CWE-119 GHSA-36f2-2h7g-5h9g: Mozilla developers reported memory safety bugs present in Firefox and Thunderbird 68 Mozilla developers reported memory safety bugs present in Firefox and Thunderbird 68.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6.

OSV

thunderbird vulnerabilities

osv·2020-04-21·CVSS 8.8

CVE-2019-11757 [HIGH] thunderbird vulnerabilities thunderbird vulnerabilities Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, bypass same-origin restrictions, conduct cross-site scripting (XSS) attacks, or execute arbitrary code. (CVE-2019-11757, CVE-2019-11758, CVE-2019-11759, CVE-2019-11760, CVE-2019-11761, CVE-2019-11762, CVE-2019-11763, CVE-2019-11764, CVE-2019-17005, CVE-2019-17008, CVE-2019-17010, CVE-2019-17011, CVE-2019-17012, CVE-2019-17016, CVE-2019-17017, CVE-2019-17022, CVE-2019-17024, CVE-2019-17026, CVE-2019-20503, CVE-2020-6798, CVE-2020-6800, CVE-2020-6805, CVE-2020-6806, CVE-2020-6807, CVE-2020

OSV

thunderbird vulnerabilities

osv·2020-04-13·CVSS 6.5

CVE-2020-6792 [MEDIUM] thunderbird vulnerabilities thunderbird vulnerabilities It was discovered that Message ID calculation was based on uninitialized data. An attacker could potentially exploit this to obtain sensitive information. (CVE-2020-6792) Mutiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, or execute arbitrary code. (CVE-2020-6793, CVE-2020-6795, CVE-2020-6822) It was discovered that if a user saved passwords before Thunderbird 60 and then later set a master password, an unencrypted copy of these passwords would still be accessible. A local user could exploit this to obtain sensitive information. (CVE-2020-6794) Multiple security issues were discovered i

OSV

CVE-2020-6814: Mozilla developers reported memory safety bugs present in Firefox and Thunderbird 68

osv·2020-03-25·CVSS 9.8

CVE-2020-6814 [CRITICAL] CVE-2020-6814: Mozilla developers reported memory safety bugs present in Firefox and Thunderbird 68 Mozilla developers reported memory safety bugs present in Firefox and Thunderbird 68.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6.

OSV

firefox vulnerabilities

osv·2020-03-11·CVSS 6.5

CVE-2019-20503 [MEDIUM] firefox vulnerabilities firefox vulnerabilities Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the URL or other browser chrome, obtain sensitive information, bypass Content Security Policy (CSP) protections, or execute arbitrary code. (CVE-2019-20503, CVE-2020-6805, CVE-2020-6806, CVE-2020-6807, CVE-2020-6808, CVE-2020-6810, CVE-2020-6812, CVE-2020-6813, CVE-2020-6814, CVE-2020-6815) It was discovered that Web Extensions with the all-url permission could access local files. If a user were tricked in to installing a specially crafted extension, an attacker could potentially exploit this to obtain sensitive information. (CVE-2020-6809) It was discovered that the

Oracle

Oracle Oracle Supply Chain Risk Matrix: Install (Apache Groovy) — CVE-2016-6814

vendor_oracle·2020-07-15·CVSS 9.6

CVE-2016-6814 [CRITICAL] Oracle Oracle Supply Chain Risk Matrix: Install (Apache Groovy) — CVE-2016-6814 Oracle Oracle Supply Chain Risk Matrix: Install (Apache Groovy) vulnerability CVE: CVE-2016-6814 CVSS: 9.6 Protocol: HTTP Remote exploit: Yes Affected versions: Network Advisory: cpujul2020 (JUL 2020)

Ubuntu

Thunderbird vulnerabilities

vendor_ubuntu·2020-04-21·CVSS 8.8

CVE-2019-11745 [HIGH] Thunderbird vulnerabilities Title: Thunderbird vulnerabilities Summary: Several security issues were fixed in Thunderbird. Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, bypass same-origin restrictions, conduct cross-site scripting (XSS) attacks, or execute arbitrary code. (CVE-2019-11757, CVE-2019-11758, CVE-2019-11759, CVE-2019-11760, CVE-2019-11761, CVE-2019-11762, CVE-2019-11763, CVE-2019-11764, CVE-2019-17005, CVE-2019-17008, CVE-2019-17010, CVE-2019-17011, CVE-2019-17012, CVE-2019-17016, CVE-2019-17017, CVE-2019-17022, CVE-2019-17024, CVE-2019-17026, CVE-2019-20503, CVE-2020-6798,

Ubuntu

Thunderbird vulnerabilities

vendor_ubuntu·2020-04-13·CVSS 6.5

CVE-2020-6792 [MEDIUM] Thunderbird vulnerabilities Title: Thunderbird vulnerabilities Summary: Several security issues were fixed in Thunderbird. It was discovered that Message ID calculation was based on uninitialized data. An attacker could potentially exploit this to obtain sensitive information. (CVE-2020-6792) Mutiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, or execute arbitrary code. (CVE-2020-6793, CVE-2020-6795, CVE-2020-6822) It was discovered that if a user saved passwords before Thunderbird 60 and then later set a master password, an unencrypted copy of these passwords would still be accessible. A local user could exploit this to obtain sensitive info

Ubuntu

Firefox vulnerabilities

vendor_ubuntu·2020-03-11·CVSS 6.5

CVE-2019-20503 [MEDIUM] Firefox vulnerabilities Title: Firefox vulnerabilities Summary: Firefox could be made to crash or run programs as your login if it opened a malicious website. Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the URL or other browser chrome, obtain sensitive information, bypass Content Security Policy (CSP) protections, or execute arbitrary code. (CVE-2019-20503, CVE-2020-6805, CVE-2020-6806, CVE-2020-6807, CVE-2020-6808, CVE-2020-6810, CVE-2020-6812, CVE-2020-6813, CVE-2020-6814, CVE-2020-6815) It was discovered that Web Extensions with the all-url permission could access local files. If a user were tricked in to installing a specially crafted extension, an attac

Red Hat

Mozilla: Memory safety bugs fixed in Firefox 74 and Firefox ESR 68.6

vendor_redhat·2020-03-10·CVSS 9.8

CVE-2020-6814 [CRITICAL] CWE-120 Mozilla: Memory safety bugs fixed in Firefox 74 and Firefox ESR 68.6 Mozilla: Memory safety bugs fixed in Firefox 74 and Firefox ESR 68.6 Mozilla developers reported memory safety bugs present in Firefox and Thunderbird 68.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6. The Mozilla Foundation Security Advisory describes this flaw as: Mozilla developers and community members reported memory safety bugs present in Firefox 73 and Firefox ESR 68.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. Package: firefox (Red Hat Enterprise Linux

Oracle

Oracle Oracle Supply Chain Risk Matrix: CAX Client (Apache Groovy) — CVE-2016-6814

vendor_oracle·2020-01-15·CVSS 9.6

CVE-2016-6814 [CRITICAL] Oracle Oracle Supply Chain Risk Matrix: CAX Client (Apache Groovy) — CVE-2016-6814 Oracle Oracle Supply Chain Risk Matrix: CAX Client (Apache Groovy) vulnerability CVE: CVE-2016-6814 CVSS: 9.6 Protocol: HTTP Remote exploit: Yes Affected versions: Network Advisory: cpujan2020 (JAN 2020)

Debian

CVE-2020-6814: firefox - Mozilla developers reported memory safety bugs present in Firefox and Thunderbir...

vendor_debian·2020·CVSS 9.8

CVE-2020-6814 [CRITICAL] CVE-2020-6814: firefox - Mozilla developers reported memory safety bugs present in Firefox and Thunderbir... Mozilla developers reported memory safety bugs present in Firefox and Thunderbird 68.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6. Scope: local sid: resolved (fixed in 74.0-1)

Mozilla

Mozilla Foundation Security Advisory 2020-09: CVE-2020-6814

vendor_mozilla·CVSS 9.8

CVE-2020-6814 [CRITICAL] Mozilla Foundation Security Advisory 2020-09: CVE-2020-6814 Mozilla Foundation Security Advisory 2020-09 CVE: CVE-2020-6814 Product: Firefox ESR Impact: high Fixed in: Firefox ESR 68.6

Mozilla

Mozilla Foundation Security Advisory 2020-08: CVE-2020-6814

vendor_mozilla·CVSS 9.8

CVE-2020-6814 [CRITICAL] Mozilla Foundation Security Advisory 2020-08: CVE-2020-6814 Mozilla Foundation Security Advisory 2020-08 CVE: CVE-2020-6814 Product: Firefox Impact: high Fixed in: Firefox 74

Mozilla

Mozilla Foundation Security Advisory 2020-10: CVE-2020-6814

vendor_mozilla·CVSS 9.8

CVE-2020-6814 [CRITICAL] Mozilla Foundation Security Advisory 2020-10: CVE-2020-6814 Mozilla Foundation Security Advisory 2020-10 CVE: CVE-2020-6814 Product: Thunderbird Impact: high Fixed in: Thunderbird 68.6

CVE-2020-6814: Mozilla developers reported memory safety bugs present in Firefox and Thunderbird 68.5. Some of these bugs showed evidence of memory corruption and we presume…

Affected

CVSS provenance