CVE-2020-6819
published 2020-04-24CVE-2020-6819: Under certain conditions, when running the nsDocShell destructor, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild…
PriorityP180high8.1CVSS 3.1
AVNACHPRNUINSUCHIHAH
KEVITW
CISA Known Exploited Vulnerabilitydue 2022-05-03
Exploited in the wild
EPSS
2.98%
85.6th percentile
Under certain conditions, when running the nsDocShell destructor, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Thunderbird < 68.7.0, Firefox < 74.0.1, and Firefox ESR < 68.6.1.
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | firefox | < firefox 74.0.1-1 (sid) | firefox 74.0.1-1 (sid) |
| debian | firefox-esr | < firefox 74.0.1-1 (sid) | firefox 74.0.1-1 (sid) |
| debian | thunderbird | < firefox 74.0.1-1 (sid) | firefox 74.0.1-1 (sid) |
| mozilla | firefox | < 68.6.1 | 68.6.1 |
| mozilla | firefox | < 74.0.1 | 74.0.1 |
| mozilla | firefox | — | — |
| mozilla | firefox | >= unspecified < 74.0.1 | 74.0.1 |
| mozilla | firefox_esr | >= unspecified < 68.6.1 | 68.6.1 |
| mozilla | thunderbird | < 68.7.0 | 68.7.0 |
| mozilla | thunderbird | >= 0 < 1:68.7.0-1 | 1:68.7.0-1 |
| mozilla | thunderbird | >= 0 < 1:68.7.0-1 | 1:68.7.0-1 |
| mozilla | thunderbird | >= 0 < 1:68.7.0-1 | 1:68.7.0-1 |
| mozilla | thunderbird | >= 0 < 1:68.7.0-1 | 1:68.7.0-1 |
| mozilla | thunderbird | >= 0 < 1:68.7.0+build1-0ubuntu0.16.04.2 | 1:68.7.0+build1-0ubuntu0.16.04.2 |
| mozilla | thunderbird | >= 0 < 1:68.7.0+build1-0ubuntu0.18.04.1 | 1:68.7.0+build1-0ubuntu0.18.04.1 |
| mozilla | thunderbird | >= unspecified < 68.7.0 | 68.7.0 |
Detection & IOCsextracted from sources · hover to see the quote
- →CVE-2020-6819 is triggered via a race condition in the nsDocShell destructor (nsDocShell.cpp); detection should focus on use-after-free crashes or anomalous behavior in Firefox/Thunderbird processes involving nsDocShell teardown ↗
- →The root cause is mContentViewer not being released properly during nsDocShell destruction; memory forensics or crash telemetry referencing mContentViewer in nsDocShell.cpp may indicate exploitation ↗
- →Both CVE-2020-6819 and CVE-2020-6820 are use-after-free issues that can lead to RCE; monitor for Firefox/Thunderbird process crashes followed by unexpected child process spawning as a sign of exploitation ↗
- →Exploitation was observed in targeted attacks in the wild prior to patching; alert on unpatched Firefox versions below 74.0.1 and Firefox ESR below 68.6.1 and Thunderbird below 68.7.0 in the environment ↗
- ·No proof-of-concept code was publicly available at the time of disclosure; exploitation details remain limited as researchers withheld full technical details pending patches for other affected browsers ↗
CVSS provenance
nvdv3.18.1HIGHCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
osv8.8HIGH
vulncheck8.1HIGH
cisa8.1HIGH
vendor_ubuntu8.8HIGH
vendor_debian8.1HIGH
vendor_redhat8.1HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA
Mozilla Firefox And Thunderbird Use-After-Free Vulnerability
cisa·2021-11-03·CVSS 8.1
CVE-2020-6819 [HIGH] CWE-362 Mozilla Firefox And Thunderbird Use-After-Free Vulnerability
Vulnerability: Mozilla Firefox And Thunderbird Use-After-Free Vulnerability
Affected: Mozilla Firefox and Thunderbird
Mozilla Firefox and Thunderbird contain a race condition vulnerability when running the nsDocShell destructor under certain conditions. The race condition creates a use-after-free vulnerability, causing unspecified impacts.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2020-6819
Remediation Due Date: 2022-05-03
Ubuntu
Thunderbird vulnerabilities
vendor_ubuntu·2020-04-21·CVSS 8.8
CVE-2019-11745 [HIGH] Thunderbird vulnerabilities
Title: Thunderbird vulnerabilities
Summary: Several security issues were fixed in Thunderbird.
Multiple security issues were discovered in Thunderbird. If a user were
tricked in to opening a specially crafted website in a browsing context,
an attacker could potentially exploit these to cause a denial of service,
obtain sensitive information, bypass security restrictions, bypass
same-origin restrictions, conduct cross-site scripting (XSS) attacks, or
execute arbitrary code. (CVE-2019-11757, CVE-2019-11758, CVE-2019-11759,
CVE-2019-11760, CVE-2019-11761, CVE-2019-11762, CVE-2019-11763,
CVE-2019-11764, CVE-2019-17005, CVE-2019-17008, CVE-2019-17010,
CVE-2019-17011, CVE-2019-17012, CVE-2019-17016, CVE-2019-17017,
CVE-2019-17022, CVE-2019-17024, CVE-2019-17026, CVE-2019-20503,
CVE-2020-6798,
Ubuntu
Thunderbird vulnerabilities
vendor_ubuntu·2020-04-13·CVSS 6.5
CVE-2020-6792 [MEDIUM] Thunderbird vulnerabilities
Title: Thunderbird vulnerabilities
Summary: Several security issues were fixed in Thunderbird.
It was discovered that Message ID calculation was based on uninitialized
data. An attacker could potentially exploit this to obtain sensitive
information. (CVE-2020-6792)
Mutiple security issues were discovered in Thunderbird. If a user were
tricked in to opening a specially crafted message, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information, or execute arbitrary code. (CVE-2020-6793, CVE-2020-6795,
CVE-2020-6822)
It was discovered that if a user saved passwords before Thunderbird 60
and then later set a master password, an unencrypted copy of these
passwords would still be accessible. A local user could exploit this to
obtain sensitive info
Ubuntu
Firefox vulnerabilities
vendor_ubuntu·2020-04-04
CVE-2020-6819 Firefox vulnerabilities
Title: Firefox vulnerabilities
Summary: Firefox could be made to crash or run programs as your login if it
opened a malicious website.
Two use-after-free bugs were discovered in Firefox. If a user were tricked
in to opening a specially crafted website, an attacker could exploit these
to cause a denial of service or execute arbitrary code.
Instructions: After a standard system update you need to restart Firefox to make
all the necessary changes.
Red Hat
Mozilla: Use-after-free while running the nsDocShell destructor
vendor_redhat·2020-04-03·CVSS 8.1
CVE-2020-6819 [HIGH] CWE-416 Mozilla: Use-after-free while running the nsDocShell destructor
Mozilla: Use-after-free while running the nsDocShell destructor
Under certain conditions, when running the nsDocShell destructor, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Thunderbird < 68.7.0, Firefox < 74.0.1, and Firefox ESR < 68.6.1.
A flaw was found in Mozilla Firefox. A race condition can occur while running the nsDocShell destructor causing a use-after-free memory issue. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Package: firefox (Red Hat Enterprise Linux 5) - Out of support scope
Package: thunderbird (Red Hat Enterprise Linux 5) - Out of support scope
Debian
CVE-2020-6819: firefox - Under certain conditions, when running the nsDocShell destructor, a race conditi...
vendor_debian·2020·CVSS 8.1
CVE-2020-6819 [HIGH] CVE-2020-6819: firefox - Under certain conditions, when running the nsDocShell destructor, a race conditi...
Under certain conditions, when running the nsDocShell destructor, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Thunderbird < 68.7.0, Firefox < 74.0.1, and Firefox ESR < 68.6.1.
Scope: local
sid: resolved (fixed in 74.0.1-1)
Mozilla
Mozilla Foundation Security Advisory 2020-11: CVE-2020-6819
vendor_mozilla·CVSS 8.1
CVE-2020-6819 [HIGH] Mozilla Foundation Security Advisory 2020-11: CVE-2020-6819
Mozilla Foundation Security Advisory 2020-11
CVE: CVE-2020-6819
Product: Firefox, Firefox ESR
Impact: critical
Fixed in: Firefox 74.0.1
Firefox ESR 68.6.1
Mozilla
Mozilla Foundation Security Advisory 2020-14: CVE-2020-6819
vendor_mozilla·CVSS 8.1
CVE-2020-6819 [HIGH] Mozilla Foundation Security Advisory 2020-14: CVE-2020-6819
Mozilla Foundation Security Advisory 2020-14
CVE: CVE-2020-6819
Product: Thunderbird
Impact: high
Fixed in: Thunderbird 68.7
GHSA
GHSA-cv8q-mpvf-42h2: Under certain conditions, when running the nsDocShell destructor, a race condition can cause a use-after-free
ghsa_unreviewed·2022-05-24
CVE-2020-6819 [MEDIUM] CWE-362 GHSA-cv8q-mpvf-42h2: Under certain conditions, when running the nsDocShell destructor, a race condition can cause a use-after-free
Under certain conditions, when running the nsDocShell destructor, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Thunderbird < 68.7.0, Firefox < 74.0.1, and Firefox ESR < 68.6.1.
OSV
CVE-2020-6819: Under certain conditions, when running the nsDocShell destructor, a race condition can cause a use-after-free
osv·2020-04-24·CVSS 8.1
CVE-2020-6819 [HIGH] CVE-2020-6819: Under certain conditions, when running the nsDocShell destructor, a race condition can cause a use-after-free
Under certain conditions, when running the nsDocShell destructor, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Thunderbird < 68.7.0, Firefox < 74.0.1, and Firefox ESR < 68.6.1.
OSV
thunderbird vulnerabilities
osv·2020-04-21·CVSS 8.8
CVE-2019-11757 [HIGH] thunderbird vulnerabilities
thunderbird vulnerabilities
Multiple security issues were discovered in Thunderbird. If a user were
tricked in to opening a specially crafted website in a browsing context,
an attacker could potentially exploit these to cause a denial of service,
obtain sensitive information, bypass security restrictions, bypass
same-origin restrictions, conduct cross-site scripting (XSS) attacks, or
execute arbitrary code. (CVE-2019-11757, CVE-2019-11758, CVE-2019-11759,
CVE-2019-11760, CVE-2019-11761, CVE-2019-11762, CVE-2019-11763,
CVE-2019-11764, CVE-2019-17005, CVE-2019-17008, CVE-2019-17010,
CVE-2019-17011, CVE-2019-17012, CVE-2019-17016, CVE-2019-17017,
CVE-2019-17022, CVE-2019-17024, CVE-2019-17026, CVE-2019-20503,
CVE-2020-6798, CVE-2020-6800, CVE-2020-6805, CVE-2020-6806, CVE-2020-6807,
CVE-2020
OSV
thunderbird vulnerabilities
osv·2020-04-13·CVSS 6.5
CVE-2020-6792 [MEDIUM] thunderbird vulnerabilities
thunderbird vulnerabilities
It was discovered that Message ID calculation was based on uninitialized
data. An attacker could potentially exploit this to obtain sensitive
information. (CVE-2020-6792)
Mutiple security issues were discovered in Thunderbird. If a user were
tricked in to opening a specially crafted message, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information, or execute arbitrary code. (CVE-2020-6793, CVE-2020-6795,
CVE-2020-6822)
It was discovered that if a user saved passwords before Thunderbird 60
and then later set a master password, an unencrypted copy of these
passwords would still be accessible. A local user could exploit this to
obtain sensitive information. (CVE-2020-6794)
Multiple security issues were discovered i
VulnCheck
Mozilla Firefox And Thunderbird Use-After-Free Vulnerability
vulncheck·2020·CVSS 8.1
CVE-2020-6819 [HIGH] CWE-362 Mozilla Firefox And Thunderbird Use-After-Free Vulnerability
Mozilla Firefox And Thunderbird Use-After-Free Vulnerability
Mozilla Firefox and Thunderbird contain a race condition vulnerability when running the nsDocShell destructor under certain conditions. The race condition creates a use-after-free vulnerability, causing unspecified impacts.
Affected: Mozilla Firefox and Thunderbird
Required Action: Apply updates per vendor instructions.
Exploitation References: https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
Remediation Due: 2022-05-03
Project0
Project Zero RCA: CVE-2020-6820: Firefox use-after-free in Cache
project_zero·CVSS 8.1
CVE-2020-6820 [HIGH] Project Zero RCA: CVE-2020-6820: Firefox use-after-free in Cache
# CVE-2020-6820: Firefox use-after-free in Cache
*Maddie Stone, Project Zero (Originally posted on [Project Zero blog](https://googleprojectzero.blogspot.com/p/rca.html) 2020-08-05)*
## The Basics
**Disclosure or Patch Date:** 03 April 2020
**Product:** Mozilla Firefox
**Advisory:** https://www.mozilla.org/en-US/security/advisories/mfsa2020-11/
**Affected Versions:** pre-74.0.1
**First Patched Version:** Firefox 74.0.1 and and Firefox ESR 68.6.1
**Issue/Bug Report:** https://bugzilla.mozilla.org/show_bug.cgi?id=1626728
**Patch CL:** https://hg.mozilla.org/mozilla-central/rev/6639deb894172375b05d6791f5f8c7d53ca79723
**Bug-Introducing CL:** Unknown
**Reporter(s):** Francisco Alonso [@revskills](https://twitter.com/revskills) working with Javier Marcos of [@JMPSec](https://twitter.c
No detection rules found.
No public exploits indexed.
Qualys
Managing CISA Known Exploited Vulnerabilities with Qualys VMDR | Qualys
blogs_qualys·2022-02-23
Managing CISA Known Exploited Vulnerabilities with Qualys VMDR | Qualys
#### Table of Contents
- Situation
- Directive Scope
- CISA Catalog of Known Exploited Vulnerabilities
- Detect CISA Vulnerabilities Using Qualys VMDR
- CISA Exploited RTI
- Detailed Operational Dashboard
- Remediation
- Federal Enterprises and Agencies Can Act Now
- Summary
- Getting Started
CISA released a directive in November 2021, recommending urgent and prioritized remediation of actively exploited vulnerabilities. Both government agencies and corporations should heed this advice. This blog outlines how Qualys Vulnerability Management, Detection & Response can be used by any organization to respond to this directive efficiently and effectively.
## Situation
Last November 2021, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a Binding Operational Directiv
Securelist
IT threat evolution Q2 2020. PC statistics
blogs_securelist·2020-09-03
IT threat evolution Q2 2020. PC statistics
Table of Contents
- Quarterly figures
- Financial threats
- Ransomware programs
- Miners
- Vulnerable applications used by cybercriminals during cyberattacks
- Attacks on Apple macOS
- IoT attacks
- Attacks via web resources
- Local threats
Authors
- Victor Chebyshev
- Evgeny Lopatin
- Fedor Sinitsyn
- Denis Parinov
- Oleg Kupreev
- Alexey Kulaev
- Alexander Kolesnikov
IT threat evolution Q2 2020. Review
IT threat evolution Q2 2020. Mobile statistics
These statistics are based on detection verdicts of Kaspersky products received from users who consented to provide statistical data.
## Quarterly figures
According to Kaspersky Security Network, in Q2:
- Kaspersky solutions blocked 899,744,810 attacks launched from online resources in 191 countries across the globe.
- As many as 286,
Securelist
IT threat evolution Q2 2020. PC statistics
blogs_securelist·2020-09-03
IT threat evolution Q2 2020. PC statistics
Table of Contents
Quarterly figures
Financial threats
Financial threat statistics
Ransomware programs
Quarterly trend highlights
Number of new modifications
Number of users attacked by ransomware Trojans
Geography of attacks
Top 10 most common families of ransomware Trojans
Miners
Number of new modifications
Number of users attacked by miners
Geography of attacks
Vulnerable applications used by cybercriminals during cyberattacks
Attacks on Apple macOS
Threat geography
IoT attacks
IoT threat statistics
Threats loaded into traps
Attacks via web resources
Countries that are sources of web-based attacks: TOP 10
Countries where users faced the greatest risk of online infection
Local threats
Countries where users faced the highest risk of local infection
Authors
Victor
Checkpoint
6th April – Threat Intelligence Bulletin
blogs_checkpoint·2020-04-06·CVSS 8.8
CVE-2019-17026 [HIGH] 6th April – Threat Intelligence Bulletin
Latest Publications
CPR Podcast Channel
AI Research
Web 3.0 Security
Intelligence Reports
ThreatCloud AI
Threat Intelligence & Research
Zero Day Protection
Sandblast File Analysis
About Us
SUBSCRIBE
2026
2025
2024
2023
2022
2021
2020
2019
2018
2017
2016
## 6th April – Threat Intelligence Bulletin
For the latest discoveries in cyber research for the week of 6th April 2020, please download our Threat Intelligence Bulletin .
Top Attacks and Breaches
A new campaign of the Zeus Sphinx banker is targeting clients of US, Canadian and Australian banks using COVID-19 themed emails. Emails titled “COVID 19 relief” contain password-protected Word documents with malicious macros.
Check Point SandBlast, Anti-Bot and Anti-virus provide protection against this threat (Trojan-B
Tenable
CVE-2020-6819, CVE-2020-6820: Critical Mozilla Firefox Zero-Day Vulnerabilities Exploited in the Wild
blogs_tenable·2020-04-03·CVSS 8.1
[HIGH] CVE-2020-6819, CVE-2020-6820: Critical Mozilla Firefox Zero-Day Vulnerabilities Exploited in the Wild
## Cloud Exposure
Tenable Cloud Security (CNAPP) Request a demo
Tenable Cloud Vulnerability Management Request a demo
Tenable CIEM Request a demo
Secure your cloud
## Vulnerability Exposure
Tenable Vulnerability Management Try for free
Tenable Security Center Request a demo
Tenable Web App Scanning Try for free
Tenable Patch Management Request a demo
Tenable Enclave Security Request a demo
Tenable Attack Surface Management Request a demo
Tenable Nessus Try for free
## AI Exposure
Tenable AI Exposure Request a demo
## OT/IoT Exposure
Tenable OT Security Request a demo
## Identity Exposure
Tenable Identity Exposure Request a demo
## Business needs
Active Directory
AI Security Posture Management (AI-SPM)
AWS security
Azure security
Cloud Security Posture Man
Bugzilla
CVE-2020-6819 Mozilla: Use-after-free while running the nsDocShell destructor
bugzilla·2020-04-04·CVSS 8.1
CVE-2020-6819 [HIGH] CVE-2020-6819 Mozilla: Use-after-free while running the nsDocShell destructor
CVE-2020-6819 Mozilla: Use-after-free while running the nsDocShell destructor
As per mozilla upstream advisory:
Under certain conditions, when running the nsDocShell destructor, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw.
Discussion:
Acknowledgments:
Name: the Mozilla project
Upstream: Francisco Alonso and Javier Marcos
---
External References:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-11/#CVE-2020-6819
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions
Via RHSA-2020:1340 https://access.redhat.com/errata/RHSA-2020:1340
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2020:13
CWE
Use After Free
mitre_cwe
CWE-416 Use After Free
CWE-416: Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
Modes of Introduction:
Phase: Implementation
Common Consequences:
Scope: Integrity. Impact: Modify Memory. The use of previously freed memory may corrupt valid data, if the memory area in question has been allocated and used properly elsewhere.
Scope: Availability. Impact: DoS: Crash, Exit, or Restart. If chunk consolidation occurs after the use of previously freed data, the process may crash
CWE
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
mitre_cwe
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.
A race condition occurs within concurrent environments, and it is effectively a property of a code sequence. Depending on the context, a code sequence may be in the form of a function call, a small number of instructions, a series of program invocations, etc. A race condition violates these properties, which are closely related: Exclusivity - the code sequence is given exclusive access to the shared resource, i.e., no other code sequence can modify properties
https://bugzilla.mozilla.org/show_bug.cgi?id=1620818https://usn.ubuntu.com/4335-1/https://www.mozilla.org/security/advisories/mfsa2020-11/https://www.mozilla.org/security/advisories/mfsa2020-14/https://bugzilla.mozilla.org/show_bug.cgi?id=1620818https://usn.ubuntu.com/4335-1/https://www.mozilla.org/security/advisories/mfsa2020-11/https://www.mozilla.org/security/advisories/mfsa2020-14/https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-6819
2020-04-24
Published
2021-11-03
Added to CISA KEV
Exploited in the wild