Bug 1801920 (CVE-2020-6800)

Summary: CVE-2020-6800 Mozilla: Memory safety bugs fixed in Firefox 73 and Firefox ESR 68.5
Product: [Other] Security Response Reporter: Doran Moppert <dmoppert>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: cschalle, gecko-bugs-nobody, jhorak, stransky
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: firefox 68.5, thunderbird 68.5 Doc Type: No Doc Update
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-02-17 14:13:16 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1798931, 1798932, 1798933, 1798934, 1798935, 1798936, 1801946, 1801947, 1801948, 1801949, 1801950, 1801951    
Bug Blocks: 1798927    

Description Doran Moppert 2020-02-11 22:42:15 UTC 
Mozilla developers and community members reported memory safety bugs present in Firefox 72 and Firefox ESR 68.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.


External Reference:

https://www.mozilla.org/en-US/security/advisories/mfsa2020-06/#CVE-2020-6800
Comment 1 Doran Moppert 2020-02-11 22:42:18 UTC 
Acknowledgments:

Name: the Mozilla project
Upstream: Raul Gurzau, Tyson Smith, Bob Clary, Liz Henry, Christian Holler
Comment 2 errata-xmlrpc 2020-02-17 08:30:02 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2020:0512 https://access.redhat.com/errata/RHSA-2020:0512
Comment 3 errata-xmlrpc 2020-02-17 09:54:19 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions

Via RHSA-2020:0519 https://access.redhat.com/errata/RHSA-2020:0519
Comment 4 errata-xmlrpc 2020-02-17 12:21:28 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2020:0521 https://access.redhat.com/errata/RHSA-2020:0521
Comment 5 errata-xmlrpc 2020-02-17 12:36:44 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2020:0520 https://access.redhat.com/errata/RHSA-2020:0520
Comment 6 Product Security DevOps Team 2020-02-17 14:13:16 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2020-6800
Comment 7 errata-xmlrpc 2020-02-20 22:15:37 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions

Via RHSA-2020:0565 https://access.redhat.com/errata/RHSA-2020:0565
Comment 8 errata-xmlrpc 2020-02-24 12:16:43 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2020:0577 https://access.redhat.com/errata/RHSA-2020:0577
Comment 9 errata-xmlrpc 2020-02-24 12:31:50 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2020:0574 https://access.redhat.com/errata/RHSA-2020:0574
Comment 10 errata-xmlrpc 2020-02-24 12:48:59 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2020:0576 https://access.redhat.com/errata/RHSA-2020:0576