CVSS3: 9.8 High

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 7.5 High

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.024 Low
Percentile: 89.8%

Severity: Critical
Date : 2020-04-13
CVE-ID : CVE-2020-6815 CVE-2020-6819 CVE-2020-6820 CVE-2020-6821
Package : thunderbird
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-1132
The package thunderbird before version 68.7.0-1 is vulnerable to
multiple issues including arbitrary code execution and information
disclosure.
Upgrade to 68.7.0-1.
The problems have been fixed upstream in version 68.7.0.
Workaround: None.

CVE-2020-6815: Several memory safety and script safety bugs have been
found in Firefox before 74 and Thunderbird before 68.7.0. Some of these
bugs showed evidence of memory corruption or escalation of privilege and
Mozilla presumes that with enough effort some of these could have been
exploited to run arbitrary code.

CVE-2020-6819: A use-after-free vulnerability has been found in Firefox
before 74.0.1 and Thunderbird before 68.7.0 where, under certain
conditions, when running the nsDocShell destructor, a race condition can
cause a use-after-free. Mozilla is aware of targeted attacks in the wild
abusing this flaw.

CVE-2020-6820: A use-after-free vulnerability has been found in Firefox
before 74.0.1 and Thunderbird before 68.7.0 where, under certain
conditions, when handling a ReadableStream, a race condition can cause a
use-after-free. Mozilla is aware of targeted attacks in the wild abusing
this flaw.

CVE-2020-6821: An information disclosure issue has been found in Firefox
before 75.0 and Thunderbird before 68.7.0. When reading from areas
partially or fully outside the source resource with WebGL's
copyTexSubImage method, the specification requires the returned values
be zero. Previously, this memory was uninitialized, leading to
potentially sensitive data disclosure.
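
The zero-fill rule described for copyTexSubImage, as an added example that is not Mozilla's code: a simplified model that clips the requested rectangle to the source and zeroes everything outside it. The `image` type, the function names and the 0xAA "stale memory" marker are assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>

/* Simplified model (assumption): one byte per texel, row-major source. */
typedef struct { int w, h; const uint8_t *px; } image;

/* Copy the cw x ch rectangle at (sx, sy) of src into dst (cw * ch bytes).
 * Texels outside src read as zero, as the specification requires, so dst
 * never exposes whatever was previously in that memory. Returns 0 on success. */
int copy_sub_image(const image *src, int sx, int sy, int cw, int ch, uint8_t *dst)
{
    if (!src || !src->px || !dst || cw <= 0 || ch <= 0 || src->w <= 0 || src->h <= 0)
        return -1;
    /* Zero first: handles reads partially and fully outside the source. */
    memset(dst, 0, (size_t)cw * (size_t)ch);

    /* Clip the rectangle to the source bounds; 64-bit avoids int overflow. */
    int64_t x0 = sx < 0 ? 0 : sx, y0 = sy < 0 ? 0 : sy;
    int64_t x1 = (int64_t)sx + cw, y1 = (int64_t)sy + ch;
    if (x1 > src->w) x1 = src->w;
    if (y1 > src->h) y1 = src->h;
    if (x0 >= x1 || y0 >= y1)
        return 0;                       /* fully outside: all zero */

    for (int64_t y = y0; y < y1; y++)   /* copy only the in-bounds span */
        memcpy(dst + (size_t)(y - sy) * (size_t)cw + (size_t)(x0 - sx),
               src->px + (size_t)y * (size_t)src->w + (size_t)x0,
               (size_t)(x1 - x0));
    return 0;
}

/* Constructed demo: 4x4 source with texels 1..16; the 3x3 destination is
 * pre-filled with 0xAA to stand in for uninitialized memory. */
static int demo(int sx, int sy, int count_stale)
{
    static const uint8_t texels[16] = {1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16};
    image src = { 4, 4, texels };
    uint8_t dst[9];
    int stale = 0, sum = 0;
    memset(dst, 0xAA, sizeof dst);
    if (copy_sub_image(&src, sx, sy, 3, 3, dst) != 0) return -1;
    for (size_t i = 0; i < sizeof dst; i++) { stale += dst[i] == 0xAA; sum += dst[i]; }
    return count_stale ? stale : sum;
}

/* Stale 0xAA bytes still visible after the copy (0 means nothing leaked). */
int stale_bytes(int sx, int sy) { return demo(sx, sy, 1); }
/* Sum of the returned texels: in-bounds source values plus zero fill. */
int texel_sum(int sx, int sy) { return demo(sx, sy, 0); }
```
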
A remote attacker can access sensitive information or execute arbitrary
code on the affected host.
https://www.mozilla.org/en-US/security/advisories/mfsa2020-14/
https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6815
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1181957%2C1557732%2C1557739%2C1611457%2C1612431
https://www.mozilla.org/en-US/security/advisories/mfsa2020-11/#CVE-2020-6819
https://bugzilla.mozilla.org/show_bug.cgi?id=1620818
https://www.mozilla.org/en-US/security/advisories/mfsa2020-11/#CVE-2020-6820
https://bugzilla.mozilla.org/show_bug.cgi?id=1626728
https://www.mozilla.org/en-US/security/advisories/mfsa2020-12/#CVE-2020-6821
https://bugzilla.mozilla.org/show_bug.cgi?id=1625404
https://security.archlinux.org/CVE-2020-6815
https://security.archlinux.org/CVE-2020-6819
https://security.archlinux.org/CVE-2020-6820
https://security.archlinux.org/CVE-2020-6821
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ArchLinux | any | any | thunderbird | < 68.7.0-1 | UNKNOWN |