Your submission was sent successfully! Close

CVE-2020-6820

Published: 3 April 2020

Under certain conditions, when handling a ReadableStream, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Thunderbird < 68.7.0, Firefox < 74.0.1, and Firefox ESR < 68.6.1.

Priority

High

CVSS 3 base score: 8.1

Status

Package Release Status
firefox
Launchpad, Ubuntu, Debian
bionic
Released (74.0.1+build1-0ubuntu0.18.04.1)
eoan
Released (74.0.1+build1-0ubuntu0.19.10.1)
focal
Released (75.0+build3-0ubuntu1)
precise Does not exist

trusty Does not exist

upstream
Released (74.0.1)
xenial
Released (74.0.1+build1-0ubuntu0.16.04.1)
thunderbird
Launchpad, Ubuntu, Debian
bionic
Released (1:68.7.0+build1-0ubuntu0.18.04.1)
eoan
Released (1:68.7.0+build1-0ubuntu0.19.10.1)
focal
Released (1:68.7.0+build1-0ubuntu1)
precise Does not exist

trusty Does not exist

upstream
Released (68.7.0)
xenial
Released (1:68.7.0+build1-0ubuntu0.16.04.2)