Bug 1812205 (CVE-2020-6814) - CVE-2020-6814 Mozilla: Memory safety bugs fixed in Firefox 74 and Firefox ESR 68.6
Summary: CVE-2020-6814 Mozilla: Memory safety bugs fixed in Firefox 74 and Firefox ESR...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2020-6814
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1809421 1809422 1809423 1809424 1809425 1809426 1813109 1813110 1813111 1813112 1813113 1813114
Blocks: 1809419
TreeView+ depends on / blocked
 
Reported: 2020-03-10 18:43 UTC by msiddiqu
Modified: 2021-02-16 20:29 UTC (History)
5 users (show)

Fixed In Version: firefox 68.6, thunderbird 68.6
Doc Type: If docs needed, set a value
Doc Text:
The Mozilla Foundation Security Advisory describes this flaw as: Mozilla developers and community members reported memory safety bugs present in Firefox 73 and Firefox ESR 68.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
Clone Of:
Environment:
Last Closed: 2020-03-16 10:32:12 UTC


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2020:0815 0 None None None 2020-03-16 09:16:24 UTC
Red Hat Product Errata RHSA-2020:0816 0 None None None 2020-03-16 09:47:01 UTC
Red Hat Product Errata RHSA-2020:0819 0 None None None 2020-03-16 10:45:45 UTC
Red Hat Product Errata RHSA-2020:0820 0 None None None 2020-03-16 13:38:41 UTC
Red Hat Product Errata RHSA-2020:0905 0 None None None 2020-03-19 11:49:39 UTC
Red Hat Product Errata RHSA-2020:0914 0 None None None 2020-03-23 08:48:54 UTC
Red Hat Product Errata RHSA-2020:0918 0 None None None 2020-03-23 08:31:01 UTC
Red Hat Product Errata RHSA-2020:0919 0 None None None 2020-03-23 08:39:30 UTC

Description msiddiqu 2020-03-10 18:43:49 UTC
Mozilla developers and community members reported memory safety bugs present in Firefox 73 and Firefox ESR 68.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.


External Reference:

https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2020-6814

Comment 1 msiddiqu 2020-03-10 18:43:53 UTC
Acknowledgments:

Name: the Mozilla project
Upstream: Byron Campen, Jason Kratzer, Christian Holler

Comment 2 errata-xmlrpc 2020-03-16 09:16:20 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2020:0815 https://access.redhat.com/errata/RHSA-2020:0815

Comment 3 errata-xmlrpc 2020-03-16 09:46:59 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2020:0816 https://access.redhat.com/errata/RHSA-2020:0816

Comment 4 Product Security DevOps Team 2020-03-16 10:32:12 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2020-6814

Comment 5 errata-xmlrpc 2020-03-16 10:45:43 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions

Via RHSA-2020:0819 https://access.redhat.com/errata/RHSA-2020:0819

Comment 6 errata-xmlrpc 2020-03-16 13:38:34 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2020:0820 https://access.redhat.com/errata/RHSA-2020:0820

Comment 7 errata-xmlrpc 2020-03-19 11:49:36 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2020:0905 https://access.redhat.com/errata/RHSA-2020:0905

Comment 8 errata-xmlrpc 2020-03-23 08:30:58 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions

Via RHSA-2020:0918 https://access.redhat.com/errata/RHSA-2020:0918

Comment 9 errata-xmlrpc 2020-03-23 08:39:27 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2020:0919 https://access.redhat.com/errata/RHSA-2020:0919

Comment 10 errata-xmlrpc 2020-03-23 08:48:48 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2020:0914 https://access.redhat.com/errata/RHSA-2020:0914


Note You need to log in before you can comment on or make changes to this bug.