Vulnerability-Lookup

CVE-2020-6822 (GCVE-0-2020-6822)

Vulnerability from cvelistv5 – Published: 2020-04-24 15:54 – Updated: 2024-08-04 09:11

Summary

On 32-bit builds, an out of bounds write could have occurred when processing an image larger than 4 GB in <code>GMPDecodeData</code>. It is possible that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.7.0, Firefox ESR < 68.7, and Firefox < 75.

Severity ?

No CVSS data available.

CWE

Out of bounds write in GMPDecodeData when processing large images

Assigner

mozilla

References

5 references

URL	Tags
https://www.mozilla.org/security/advisories/mfsa2…	x_refsource_MISC
https://www.mozilla.org/security/advisories/mfsa2…	x_refsource_MISC
https://www.mozilla.org/security/advisories/mfsa2…	x_refsource_MISC
https://bugzilla.mozilla.org/show_bug.cgi?id=1544181	x_refsource_MISC
https://usn.ubuntu.com/4335-1/	vendor-advisoryx_refsource_UBUNTU

Impacted products

3 products

Vendor	Product	Version
Mozilla	Thunderbird	Affected: unspecified , < 68.7.0 (custom)
Mozilla	Firefox ESR	Affected: unspecified , < 68.7 (custom)
Mozilla	Firefox	Affected: unspecified , < 75 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T09:11:05.085Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2020-13/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2020-12/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2020-14/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1544181"
          },
          {
            "name": "USN-4335-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4335-1/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "68.7.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "68.7",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "75",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "On 32-bit builds, an out of bounds write could have occurred when processing an image larger than 4 GB in \u003ccode\u003eGMPDecodeData\u003c/code\u003e. It is possible that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 68.7.0, Firefox ESR \u003c 68.7, and Firefox \u003c 75."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Out of bounds write in GMPDecodeData when processing large images",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-04-29T02:06:55.000Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.mozilla.org/security/advisories/mfsa2020-13/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.mozilla.org/security/advisories/mfsa2020-12/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.mozilla.org/security/advisories/mfsa2020-14/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1544181"
        },
        {
          "name": "USN-4335-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4335-1/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@mozilla.org",
          "ID": "CVE-2020-6822",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Thunderbird",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "68.7.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Firefox ESR",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "68.7"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Firefox",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "75"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Mozilla"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "On 32-bit builds, an out of bounds write could have occurred when processing an image larger than 4 GB in \u003ccode\u003eGMPDecodeData\u003c/code\u003e. It is possible that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 68.7.0, Firefox ESR \u003c 68.7, and Firefox \u003c 75."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Out of bounds write in GMPDecodeData when processing large images"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2020-13/",
              "refsource": "MISC",
              "url": "https://www.mozilla.org/security/advisories/mfsa2020-13/"
            },
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2020-12/",
              "refsource": "MISC",
              "url": "https://www.mozilla.org/security/advisories/mfsa2020-12/"
            },
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2020-14/",
              "refsource": "MISC",
              "url": "https://www.mozilla.org/security/advisories/mfsa2020-14/"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1544181",
              "refsource": "MISC",
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1544181"
            },
            {
              "name": "USN-4335-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4335-1/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2020-6822",
    "datePublished": "2020-04-24T15:54:39.000Z",
    "dateReserved": "2020-01-10T00:00:00.000Z",
    "dateUpdated": "2024-08-04T09:11:05.085Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2020-6822",
      "date": "2026-05-19",
      "epss": "0.00817",
      "percentile": "0.74548"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"75.0\", \"matchCriteriaId\": \"925D894A-1609-43FB-94FE-84B3EAB9CE72\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"68.7.0\", \"matchCriteriaId\": \"D5D6475F-6C46-4BF0-B372-900A5B9FAED5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"68.7.0\", \"matchCriteriaId\": \"CF7AEB5A-A52E-45E7-AFBF-546C351A4915\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"On 32-bit builds, an out of bounds write could have occurred when processing an image larger than 4 GB in \u003ccode\u003eGMPDecodeData\u003c/code\u003e. It is possible that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 68.7.0, Firefox ESR \u003c 68.7, and Firefox \u003c 75.\"}, {\"lang\": \"es\", \"value\": \"En las compilaciones de 32 bits, podr\\u00eda haber ocurrido una escritura fuera de l\\u00edmites al procesar una imagen de m\\u00e1s de 4 GB en (code)GMPDecodeData(/code). Es posible que con suficiente esfuerzo esto podr\\u00eda haber sido explotado para ejecutar c\\u00f3digo arbitrario. Esta vulnerabilidad afecta a Thunderbird versiones anteriores a la versi\\u00f3n 68.7.0, Firefox ESR versiones anteriores a la versi\\u00f3n  68.7 y Firefox versiones anteriores a 75.\"}]",
      "id": "CVE-2020-6822",
      "lastModified": "2024-11-21T05:36:14.513",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:P\", \"baseScore\": 6.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2020-04-24T16:15:13.573",
      "references": "[{\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=1544181\", \"source\": \"security@mozilla.org\", \"tags\": [\"Issue Tracking\", \"Permissions Required\"]}, {\"url\": \"https://usn.ubuntu.com/4335-1/\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2020-12/\", \"source\": \"security@mozilla.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2020-13/\", \"source\": \"security@mozilla.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2020-14/\", \"source\": \"security@mozilla.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=1544181\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Permissions Required\"]}, {\"url\": \"https://usn.ubuntu.com/4335-1/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2020-12/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2020-13/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2020-14/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "security@mozilla.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-787\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-6822\",\"sourceIdentifier\":\"security@mozilla.org\",\"published\":\"2020-04-24T16:15:13.573\",\"lastModified\":\"2024-11-21T05:36:14.513\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"On 32-bit builds, an out of bounds write could have occurred when processing an image larger than 4 GB in \u003ccode\u003eGMPDecodeData\u003c/code\u003e. It is possible that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 68.7.0, Firefox ESR \u003c 68.7, and Firefox \u003c 75.\"},{\"lang\":\"es\",\"value\":\"En las compilaciones de 32 bits, podr\u00eda haber ocurrido una escritura fuera de l\u00edmites al procesar una imagen de m\u00e1s de 4 GB en (code)GMPDecodeData(/code). Es posible que con suficiente esfuerzo esto podr\u00eda haber sido explotado para ejecutar c\u00f3digo arbitrario. Esta vulnerabilidad afecta a Thunderbird versiones anteriores a la versi\u00f3n 68.7.0, Firefox ESR versiones anteriores a la versi\u00f3n  68.7 y Firefox versiones anteriores a 75.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"75.0\",\"matchCriteriaId\":\"925D894A-1609-43FB-94FE-84B3EAB9CE72\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"68.7.0\",\"matchCriteriaId\":\"D5D6475F-6C46-4BF0-B372-900A5B9FAED5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"68.7.0\",\"matchCriteriaId\":\"CF7AEB5A-A52E-45E7-AFBF-546C351A4915\"}]}]}],\"references\":[{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=1544181\",\"source\":\"security@mozilla.org\",\"tags\":[\"Issue Tracking\",\"Permissions Required\"]},{\"url\":\"https://usn.ubuntu.com/4335-1/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2020-12/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2020-13/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2020-14/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=1544181\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Permissions Required\"]},{\"url\":\"https://usn.ubuntu.com/4335-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2020-12/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2020-13/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2020-14/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

CERTFR-2020-AVI-196

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans Mozilla Firefox. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Mozilla	Firefox	Firefox versions antérieures à 75
	Mozilla	Firefox	Firefox ESR versions antérieures à 68.7

References

Title

Publication Time

Tags

Bulletin de sécurité Mozilla mfsa2020-13 du 07 avril 2020	None	vendor-advisory
Bulletin de sécurité Mozilla mfsa2020-12 du 07 avril 2020	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Firefox versions ant\u00e9rieures \u00e0 75",
      "product": {
        "name": "Firefox",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    },
    {
      "description": "Firefox ESR versions ant\u00e9rieures \u00e0 68.7",
      "product": {
        "name": "Firefox",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-6827",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6827"
    },
    {
      "name": "CVE-2020-6821",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6821"
    },
    {
      "name": "CVE-2020-6828",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6828"
    },
    {
      "name": "CVE-2020-6823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6823"
    },
    {
      "name": "CVE-2020-6824",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6824"
    },
    {
      "name": "CVE-2020-6826",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6826"
    },
    {
      "name": "CVE-2020-6822",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6822"
    },
    {
      "name": "CVE-2020-6825",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6825"
    }
  ],
  "links": [],
  "reference": "CERTFR-2020-AVI-196",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-04-08T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Mozilla Firefox.\nElles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Mozilla Firefox",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2020-13 du 07 avril 2020",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-13/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2020-12 du 07 avril 2020",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-12/"
    }
  ]
}

CERTFR-2020-AVI-204

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans Mozilla Thunderbird. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Mozilla	Thunderbird	Mozilla Thunderbird versions antérieures à 68.7

References

Title

Publication Time

Tags

Bulletin de sécurité Mozilla mfsa2020-14 du 09 avril 2020

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Mozilla Thunderbird versions ant\u00e9rieures \u00e0 68.7",
      "product": {
        "name": "Thunderbird",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-6821",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6821"
    },
    {
      "name": "CVE-2020-6819",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6819"
    },
    {
      "name": "CVE-2020-6820",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6820"
    },
    {
      "name": "CVE-2020-6822",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6822"
    },
    {
      "name": "CVE-2020-6825",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6825"
    }
  ],
  "links": [],
  "reference": "CERTFR-2020-AVI-204",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-04-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Mozilla\nThunderbird. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution\nde code arbitraire \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Mozilla Thunderbird",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2020-14 du 09 avril 2020",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-14/"
    }
  ]
}

CERTFR-2020-AVI-196

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Mozilla	Firefox	Firefox versions antérieures à 75
	Mozilla	Firefox	Firefox ESR versions antérieures à 68.7

References

Title

Publication Time

Tags

Bulletin de sécurité Mozilla mfsa2020-13 du 07 avril 2020	None	vendor-advisory
Bulletin de sécurité Mozilla mfsa2020-12 du 07 avril 2020	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Firefox versions ant\u00e9rieures \u00e0 75",
      "product": {
        "name": "Firefox",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    },
    {
      "description": "Firefox ESR versions ant\u00e9rieures \u00e0 68.7",
      "product": {
        "name": "Firefox",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-6827",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6827"
    },
    {
      "name": "CVE-2020-6821",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6821"
    },
    {
      "name": "CVE-2020-6828",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6828"
    },
    {
      "name": "CVE-2020-6823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6823"
    },
    {
      "name": "CVE-2020-6824",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6824"
    },
    {
      "name": "CVE-2020-6826",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6826"
    },
    {
      "name": "CVE-2020-6822",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6822"
    },
    {
      "name": "CVE-2020-6825",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6825"
    }
  ],
  "links": [],
  "reference": "CERTFR-2020-AVI-196",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-04-08T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Mozilla Firefox.\nElles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Mozilla Firefox",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2020-13 du 07 avril 2020",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-13/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2020-12 du 07 avril 2020",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-12/"
    }
  ]
}

CERTFR-2020-AVI-204

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Mozilla	Thunderbird	Mozilla Thunderbird versions antérieures à 68.7

References

Title

Publication Time

Tags

Bulletin de sécurité Mozilla mfsa2020-14 du 09 avril 2020

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Mozilla Thunderbird versions ant\u00e9rieures \u00e0 68.7",
      "product": {
        "name": "Thunderbird",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-6821",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6821"
    },
    {
      "name": "CVE-2020-6819",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6819"
    },
    {
      "name": "CVE-2020-6820",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6820"
    },
    {
      "name": "CVE-2020-6822",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6822"
    },
    {
      "name": "CVE-2020-6825",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6825"
    }
  ],
  "links": [],
  "reference": "CERTFR-2020-AVI-204",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-04-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Mozilla\nThunderbird. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution\nde code arbitraire \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Mozilla Thunderbird",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2020-14 du 09 avril 2020",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-14/"
    }
  ]
}

BDU:2022-05939

Vulnerability from fstec - Published: 07.04.2020

Title

Уязвимость браузеров Mozilla Firefox, Mozilla Firefox ESR и почтового клиента Thunderbird, связанная с записью за границами буфера в памяти, позволяющая нарушителю выполнить произвольный код

Description

Уязвимость браузеров Mozilla Firefox, Mozilla Firefox ESR и почтового клиента Thunderbird связана с записью за границами буфера в памяти. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, выполнить произвольный код с помощью специально созданного образа

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Vendor

Red Hat Inc., Canonical Ltd., Novell Inc., Сообщество свободного программного обеспечения, АО «ИВК», Mozilla Corp., АО «Концерн ВНИИНС»

Software Name

Red Hat Enterprise Linux, Ubuntu, Suse Linux Enterprise Desktop, SUSE Linux Enterprise Server for SAP Applications, Suse Linux Enterprise Server, OpenSUSE Leap, Debian GNU/Linux, Альт 8 СП (запись в едином реестре российских программ №4305), Firefox, Firefox ESR, Thunderbird, ОС ОН «Стрелец» (запись в едином реестре российских программ №6177)

Software Version

6 (Red Hat Enterprise Linux), 7 (Red Hat Enterprise Linux), 18.04 LTS (Ubuntu), 12 SP4 (Suse Linux Enterprise Desktop), 12 SP2 (SUSE Linux Enterprise Server for SAP Applications), 12 SP3 (SUSE Linux Enterprise Server for SAP Applications), 12 SP4 (SUSE Linux Enterprise Server for SAP Applications), 12 SP4 (Suse Linux Enterprise Server), 8 (Red Hat Enterprise Linux), 12 SP2-BCL (Suse Linux Enterprise Server), 12 SP2-ESPOS (Suse Linux Enterprise Server), 12 SP1 (SUSE Linux Enterprise Server for SAP Applications), 15.1 (OpenSUSE Leap), 15 SP1 (SUSE Linux Enterprise Server for SAP Applications), 11 SP4-LTSS (Suse Linux Enterprise Server), 12 SP1-LTSS (Suse Linux Enterprise Server), 12 SP2-LTSS (Suse Linux Enterprise Server), 12 SP3-LTSS (Suse Linux Enterprise Server), 12 SP3-BCL (Suse Linux Enterprise Server), 12 SP5 (Suse Linux Enterprise Server), 12 SP5 (SUSE Linux Enterprise Server for SAP Applications), 10 (Debian GNU/Linux), 12 SP3-ESPOS (Suse Linux Enterprise Server), 19.10 (Ubuntu), 8.0 Update Services for SAP Solutions (Red Hat Enterprise Linux), 15.2 (OpenSUSE Leap), 16.04 ESM (Ubuntu), 15.3 (OpenSUSE Leap), 15 SP1 (Suse Linux Enterprise Server), 11 (Debian GNU/Linux), 15.4 (OpenSUSE Leap), 15 SP3 (Suse Linux Enterprise Server), 15 SP3 (SUSE Linux Enterprise Server for SAP Applications), 15 SP3 (Suse Linux Enterprise Desktop), 15 SP2 (Suse Linux Enterprise Server), 15 SP2 (SUSE Linux Enterprise Server for SAP Applications), - (Альт 8 СП), 15 SP4 (Suse Linux Enterprise Server), 15 SP2 (Suse Linux Enterprise Desktop), 15 SP4 (Suse Linux Enterprise Desktop), 15 SP4 (SUSE Linux Enterprise Server for SAP Applications), 15 SP1 (Suse Linux Enterprise Desktop), до 75 (Firefox), до 68.7 (Firefox ESR), до 68.7.0 (Thunderbird), до 16.01.2023 (ОС ОН «Стрелец»)

Possible Mitigations

Установка обновлений из доверенных источников. В связи со сложившейся обстановкой и введенными санкциями против Российской Федерации рекомендуется устанавливать обновления программного обеспечения только после оценки всех сопутствующих рисков. Компенсирующие меры: - использование средств антивирусной защиты с функцией контроля доступа к веб-ресурсам; - контролируемый доступ в сеть Интернет – регламентация разрешенных сетевых ресурсов и соединений; - запуск веб-браузера от имени пользователя с минимальными возможными привилегиями в операционной системе; - использование альтернативных веб-браузеров; - применение систем обнаружения и предотвращения вторжений. Использование рекомендаций производителя: Для программных продуктов Mozilla Firefox: https://www.mozilla.org/en-US/security/advisories/mfsa2020-12/ https://www.mozilla.org/en-US/security/advisories/mfsa2020-13/ https://www.mozilla.org/en-US/security/advisories/mfsa2020-14/ Для Ubuntu: https://ubuntu.com/security/CVE-2020-6822 https://ubuntu.com/security/notices/USN-4323-1 https://ubuntu.com/security/notices/USN-4328-1 https://ubuntu.com/security/notices/USN-4335-1 Для программных продуктов Novell Inc.: https://www.suse.com/security/cve/CVE-2020-6822.html Для программных продуктов Red Hat Inc.: https://access.redhat.com/security/cve/cve-2020-6822 Для Debian GNU/Linux: https://security-tracker.debian.org/tracker/CVE-2020-6822 Для ОС ОН «Стрелец»: Обновление программного обеспечения firefox-esr до версии 91.13.0esr+repack-1~deb10u1.osnova1.strelets Обновление программного обеспечения thunderbird до версии 1:91.13.0+repack-1~deb10u1.osnova1.strelets Для ОС Альт 8 СП: установка обновления из публичного репозитория программного средства

Reference

https://bugzilla.mozilla.org/show_bug.cgi?id=1544181 https://www.cybersecurity-help.cz/vdb/SB2020040744 https://www.mozilla.org/en-US/security/advisories/mfsa2020-12/ https://www.mozilla.org/en-US/security/advisories/mfsa2020-13/ https://www.mozilla.org/en-US/security/advisories/mfsa2020-14/ https://ubuntu.com/security/CVE-2020-6822 https://ubuntu.com/security/notices/USN-4323-1 https://ubuntu.com/security/notices/USN-4328-1 https://ubuntu.com/security/notices/USN-4335-1 https://www.suse.com/security/cve/CVE-2020-6822.html https://access.redhat.com/security/cve/cve-2020-6822 https://security-tracker.debian.org/tracker/CVE-2020-6822 https://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023 https://altsp.su/obnovleniya-bezopasnosti/

CWE

CWE-119, CWE-787

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Red Hat Inc., Canonical Ltd., Novell Inc., \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb, Mozilla Corp., \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "6 (Red Hat Enterprise Linux), 7 (Red Hat Enterprise Linux), 18.04 LTS (Ubuntu), 12 SP4 (Suse Linux Enterprise Desktop), 12 SP2 (SUSE Linux Enterprise Server for SAP Applications), 12 SP3 (SUSE Linux Enterprise Server for SAP Applications), 12 SP4 (SUSE Linux Enterprise Server for SAP Applications), 12 SP4 (Suse Linux Enterprise Server), 8 (Red Hat Enterprise Linux), 12 SP2-BCL (Suse Linux Enterprise Server), 12 SP2-ESPOS (Suse Linux Enterprise Server), 12 SP1 (SUSE Linux Enterprise Server for SAP Applications), 15.1 (OpenSUSE Leap), 15 SP1 (SUSE Linux Enterprise Server for SAP Applications), 11 SP4-LTSS (Suse Linux Enterprise Server), 12 SP1-LTSS (Suse Linux Enterprise Server), 12 SP2-LTSS (Suse Linux Enterprise Server), 12 SP3-LTSS (Suse Linux Enterprise Server), 12 SP3-BCL (Suse Linux Enterprise Server), 12 SP5 (Suse Linux Enterprise Server), 12 SP5 (SUSE Linux Enterprise Server for SAP Applications), 10 (Debian GNU/Linux), 12 SP3-ESPOS (Suse Linux Enterprise Server), 19.10 (Ubuntu), 8.0 Update Services for SAP Solutions (Red Hat Enterprise Linux), 15.2 (OpenSUSE Leap), 16.04 ESM (Ubuntu), 15.3 (OpenSUSE Leap), 15 SP1 (Suse Linux Enterprise Server), 11 (Debian GNU/Linux), 15.4 (OpenSUSE Leap), 15 SP3 (Suse Linux Enterprise Server), 15 SP3 (SUSE Linux Enterprise Server for SAP Applications), 15 SP3 (Suse Linux Enterprise Desktop), 15 SP2 (Suse Linux Enterprise Server), 15 SP2 (SUSE Linux Enterprise Server for SAP Applications), - (\u0410\u043b\u044c\u0442 8 \u0421\u041f), 15 SP4 (Suse Linux Enterprise Server), 15 SP2 (Suse Linux Enterprise Desktop), 15 SP4 (Suse Linux Enterprise Desktop), 15 SP4 (SUSE Linux Enterprise Server for SAP Applications), 15 SP1 (Suse Linux Enterprise Desktop), \u0434\u043e 75 (Firefox), \u0434\u043e 68.7 (Firefox ESR), \u0434\u043e 68.7.0 (Thunderbird), \u0434\u043e 16.01.2023 (\u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0423\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 \u0438\u0437 \u0434\u043e\u0432\u0435\u0440\u0435\u043d\u043d\u044b\u0445 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u043e\u0432.\n\u0412 \u0441\u0432\u044f\u0437\u0438 \u0441\u043e \u0441\u043b\u043e\u0436\u0438\u0432\u0448\u0435\u0439\u0441\u044f \u043e\u0431\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u043e\u0439 \u0438 \u0432\u0432\u0435\u0434\u0435\u043d\u043d\u044b\u043c\u0438 \u0441\u0430\u043d\u043a\u0446\u0438\u044f\u043c\u0438 \u043f\u0440\u043e\u0442\u0438\u0432 \u0420\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u043e\u0439 \u0424\u0435\u0434\u0435\u0440\u0430\u0446\u0438\u0438 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u0443\u0441\u0442\u0430\u043d\u0430\u0432\u043b\u0438\u0432\u0430\u0442\u044c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0442\u043e\u043b\u044c\u043a\u043e \u043f\u043e\u0441\u043b\u0435 \u043e\u0446\u0435\u043d\u043a\u0438 \u0432\u0441\u0435\u0445 \u0441\u043e\u043f\u0443\u0442\u0441\u0442\u0432\u0443\u044e\u0449\u0438\u0445 \u0440\u0438\u0441\u043a\u043e\u0432.\n\n\u041a\u043e\u043c\u043f\u0435\u043d\u0441\u0438\u0440\u0443\u044e\u0449\u0438\u0435 \u043c\u0435\u0440\u044b:\n- \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432 \u0430\u043d\u0442\u0438\u0432\u0438\u0440\u0443\u0441\u043d\u043e\u0439 \u0437\u0430\u0449\u0438\u0442\u044b \u0441 \u0444\u0443\u043d\u043a\u0446\u0438\u0435\u0439 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0432\u0435\u0431-\u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c;\n- \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u0438\u0440\u0443\u0435\u043c\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u0432 \u0441\u0435\u0442\u044c \u0418\u043d\u0442\u0435\u0440\u043d\u0435\u0442 \u2013 \u0440\u0435\u0433\u043b\u0430\u043c\u0435\u043d\u0442\u0430\u0446\u0438\u044f \u0440\u0430\u0437\u0440\u0435\u0448\u0435\u043d\u043d\u044b\u0445 \u0441\u0435\u0442\u0435\u0432\u044b\u0445 \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432 \u0438 \u0441\u043e\u0435\u0434\u0438\u043d\u0435\u043d\u0438\u0439;\n- \u0437\u0430\u043f\u0443\u0441\u043a \u0432\u0435\u0431-\u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430 \u043e\u0442 \u0438\u043c\u0435\u043d\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f \u0441 \u043c\u0438\u043d\u0438\u043c\u0430\u043b\u044c\u043d\u044b\u043c\u0438 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u043c\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u044f\u043c\u0438 \u0432 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u0435;\n- \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0430\u043b\u044c\u0442\u0435\u0440\u043d\u0430\u0442\u0438\u0432\u043d\u044b\u0445 \u0432\u0435\u0431-\u0431\u0440\u0430\u0443\u0437\u0435\u0440\u043e\u0432;\n- \u043f\u0440\u0438\u043c\u0435\u043d\u0435\u043d\u0438\u0435 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u044f \u0438 \u043f\u0440\u0435\u0434\u043e\u0442\u0432\u0440\u0430\u0449\u0435\u043d\u0438\u044f \u0432\u0442\u043e\u0440\u0436\u0435\u043d\u0438\u0439.\n\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Mozilla Firefox:\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-12/\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-13/\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-14/\n\n\u0414\u043b\u044f Ubuntu:\nhttps://ubuntu.com/security/CVE-2020-6822\nhttps://ubuntu.com/security/notices/USN-4323-1\nhttps://ubuntu.com/security/notices/USN-4328-1\nhttps://ubuntu.com/security/notices/USN-4335-1\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Novell Inc.:\nhttps://www.suse.com/security/cve/CVE-2020-6822.html\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/security/cve/cve-2020-6822\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://security-tracker.debian.org/tracker/CVE-2020-6822\n\n\u0414\u043b\u044f \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f firefox-esr \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 91.13.0esr+repack-1~deb10u1.osnova1.strelets\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f thunderbird \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 1:91.13.0+repack-1~deb10u1.osnova1.strelets\n\n\u0414\u043b\u044f \u041e\u0421 \u0410\u043b\u044c\u0442 8 \u0421\u041f: \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0438\u0437 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e\u0433\u043e \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "07.04.2020",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "16.09.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "28.09.2022",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2022-05939",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2020-6822",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Red Hat Enterprise Linux, Ubuntu, Suse Linux Enterprise Desktop, SUSE Linux Enterprise Server for SAP Applications, Suse Linux Enterprise Server, OpenSUSE Leap, Debian GNU/Linux, \u0410\u043b\u044c\u0442 8 \u0421\u041f (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), Firefox, Firefox ESR, Thunderbird, \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Red Hat Inc. Red Hat Enterprise Linux 6 , Red Hat Inc. Red Hat Enterprise Linux 7 , Canonical Ltd. Ubuntu 18.04 LTS , Novell Inc. Suse Linux Enterprise Desktop 12 SP4 , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP2 , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP3 , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP4 , Novell Inc. Suse Linux Enterprise Server 12 SP4 , Red Hat Inc. Red Hat Enterprise Linux 8 , Novell Inc. Suse Linux Enterprise Server 12 SP2-BCL , Novell Inc. Suse Linux Enterprise Server 12 SP2-ESPOS , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP1 , Novell Inc. OpenSUSE Leap 15.1 , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP1 , Novell Inc. Suse Linux Enterprise Server 11 SP4-LTSS , Novell Inc. Suse Linux Enterprise Server 12 SP1-LTSS , Novell Inc. Suse Linux Enterprise Server 12 SP2-LTSS , Novell Inc. Suse Linux Enterprise Server 12 SP3-LTSS , Novell Inc. Suse Linux Enterprise Server 12 SP3-BCL , Novell Inc. Suse Linux Enterprise Server 12 SP5 , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP5 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , Novell Inc. Suse Linux Enterprise Server 12 SP3-ESPOS , Canonical Ltd. Ubuntu 19.10 , Red Hat Inc. Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions , Novell Inc. OpenSUSE Leap 15.2 , Canonical Ltd. Ubuntu 16.04 ESM , Novell Inc. OpenSUSE Leap 15.3 , Novell Inc. Suse Linux Enterprise Server 15 SP1 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 11 , Novell Inc. OpenSUSE Leap 15.4 , Novell Inc. Suse Linux Enterprise Server 15 SP3 , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP3 , Novell Inc. Suse Linux Enterprise Desktop 15 SP3 , Novell Inc. Suse Linux Enterprise Server 15 SP2 , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP2 , \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb \u0410\u043b\u044c\u0442 8 \u0421\u041f -  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), Novell Inc. Suse Linux Enterprise Server 15 SP4 , Novell Inc. Suse Linux Enterprise Desktop 15 SP2 , Novell Inc. Suse Linux Enterprise Desktop 15 SP4 , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP4 , Novell Inc. Suse Linux Enterprise Desktop 15 SP1 , \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb \u0434\u043e 16.01.2023  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u043e\u0432 Mozilla Firefox, Mozilla Firefox ESR \u0438 \u043f\u043e\u0447\u0442\u043e\u0432\u043e\u0433\u043e \u043a\u043b\u0438\u0435\u043d\u0442\u0430 Thunderbird, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u0437\u0430\u043f\u0438\u0441\u044c\u044e \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u043f\u0430\u043c\u044f\u0442\u0438, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0412\u044b\u0445\u043e\u0434 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0438 \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u044b \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u043f\u0430\u043c\u044f\u0442\u0438 (CWE-119), \u0417\u0430\u043f\u0438\u0441\u044c \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 (CWE-787)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u043e\u0432 Mozilla Firefox, Mozilla Firefox ESR \u0438 \u043f\u043e\u0447\u0442\u043e\u0432\u043e\u0433\u043e \u043a\u043b\u0438\u0435\u043d\u0442\u0430 Thunderbird \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0437\u0430\u043f\u0438\u0441\u044c\u044e \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u043f\u0430\u043c\u044f\u0442\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u043e\u0433\u043e \u043e\u0431\u0440\u0430\u0437\u0430",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u043f\u0440\u0438 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0435 \u0438\u0437\u043e\u0431\u0440\u0430\u0436\u0435\u043d\u0438\u0439 \u0440\u0430\u0437\u043c\u0435\u0440\u043e\u043c \u0431\u043e\u043b\u0435\u0435 4 \u0413\u0431 \u0432 32-\u0431\u0438\u0442\u043d\u044b\u0445 \u0441\u0431\u043e\u0440\u043a\u0430\u0445.",
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://bugzilla.mozilla.org/show_bug.cgi?id=1544181\nhttps://www.cybersecurity-help.cz/vdb/SB2020040744\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-12/\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-13/\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-14/\nhttps://ubuntu.com/security/CVE-2020-6822\nhttps://ubuntu.com/security/notices/USN-4323-1\nhttps://ubuntu.com/security/notices/USN-4328-1\nhttps://ubuntu.com/security/notices/USN-4335-1\nhttps://www.suse.com/security/cve/CVE-2020-6822.html\nhttps://access.redhat.com/security/cve/cve-2020-6822\nhttps://security-tracker.debian.org/tracker/CVE-2020-6822\nhttps://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023\nhttps://altsp.su/obnovleniya-bezopasnosti/",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-119, CWE-787",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 10)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,8)"
}

CNVD-2020-26232

Vulnerability from cnvd - Published: 2020-05-03

Title

多款Mozilla产品缓冲区溢出漏洞（CNVD-2020-26232）

Description

Mozilla Firefox等都是美国Mozilla基金会的产品。Mozilla Firefox是一款开源Web浏览器。Mozilla Firefox ESR是Firefox(Web浏览器)的一个延长支持版本。Mozilla Thunderbird是一套从Mozilla Application Suite独立出来的电子邮件客户端软件。多款Mozilla产品存在缓冲区溢出漏洞。攻击者可利用该漏洞执行任意代码。

Severity

中

Patch Name

多款Mozilla产品缓冲区溢出漏洞（CNVD-2020-26232）的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://www.mozilla.org/en-US/security/advisories/mfsa2020-12/ https://www.mozilla.org/en-US/security/advisories/mfsa2020-13/ https://www.mozilla.org/en-US/security/advisories/mfsa2020-14/

Reference

https://www.auscert.org.au/bulletins/ESB-2020.1229/

Impacted products

Name
['Mozilla Thunderbird <68.7.0', 'Mozilla Firefox <75', 'Mozilla Firefox ESR <68.7']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-6822"
    }
  },
  "description": "Mozilla Firefox\u7b49\u90fd\u662f\u7f8e\u56fdMozilla\u57fa\u91d1\u4f1a\u7684\u4ea7\u54c1\u3002Mozilla Firefox\u662f\u4e00\u6b3e\u5f00\u6e90Web\u6d4f\u89c8\u5668\u3002Mozilla Firefox ESR\u662fFirefox(Web\u6d4f\u89c8\u5668)\u7684\u4e00\u4e2a\u5ef6\u957f\u652f\u6301\u7248\u672c\u3002Mozilla Thunderbird\u662f\u4e00\u5957\u4eceMozilla Application Suite\u72ec\u7acb\u51fa\u6765\u7684\u7535\u5b50\u90ae\u4ef6\u5ba2\u6237\u7aef\u8f6f\u4ef6\u3002\n\n\u591a\u6b3eMozilla\u4ea7\u54c1\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-12/\r\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-13/\r\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-14/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-26232",
  "openTime": "2020-05-03",
  "patchDescription": "Mozilla Firefox\u7b49\u90fd\u662f\u7f8e\u56fdMozilla\u57fa\u91d1\u4f1a\u7684\u4ea7\u54c1\u3002Mozilla Firefox\u662f\u4e00\u6b3e\u5f00\u6e90Web\u6d4f\u89c8\u5668\u3002Mozilla Firefox ESR\u662fFirefox(Web\u6d4f\u89c8\u5668)\u7684\u4e00\u4e2a\u5ef6\u957f\u652f\u6301\u7248\u672c\u3002Mozilla Thunderbird\u662f\u4e00\u5957\u4eceMozilla Application Suite\u72ec\u7acb\u51fa\u6765\u7684\u7535\u5b50\u90ae\u4ef6\u5ba2\u6237\u7aef\u8f6f\u4ef6\u3002\r\n\r\n\u591a\u6b3eMozilla\u4ea7\u54c1\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eMozilla\u4ea7\u54c1\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff08CNVD-2020-26232\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Mozilla Thunderbird \u003c68.7.0",
      "Mozilla Firefox \u003c75",
      "Mozilla Firefox ESR \u003c68.7"
    ]
  },
  "referenceLink": "https://www.auscert.org.au/bulletins/ESB-2020.1229/",
  "serverity": "\u4e2d",
  "submitTime": "2020-04-08",
  "title": "\u591a\u6b3eMozilla\u4ea7\u54c1\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff08CNVD-2020-26232\uff09"
}

FKIE_CVE-2020-6822

Vulnerability from fkie_nvd - Published: 2020-04-24 16:15 - Updated: 2024-11-21 05:36

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
security@mozilla.org	https://bugzilla.mozilla.org/show_bug.cgi?id=1544181	Issue Tracking, Permissions Required
security@mozilla.org	https://usn.ubuntu.com/4335-1/	Third Party Advisory
security@mozilla.org	https://www.mozilla.org/security/advisories/mfsa2020-12/	Vendor Advisory
security@mozilla.org	https://www.mozilla.org/security/advisories/mfsa2020-13/	Vendor Advisory
security@mozilla.org	https://www.mozilla.org/security/advisories/mfsa2020-14/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.mozilla.org/show_bug.cgi?id=1544181	Issue Tracking, Permissions Required
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/4335-1/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.mozilla.org/security/advisories/mfsa2020-12/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.mozilla.org/security/advisories/mfsa2020-13/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.mozilla.org/security/advisories/mfsa2020-14/	Vendor Advisory

Impacted products

Vendor	Product	Version
mozilla	firefox	*
mozilla	firefox_esr	*
mozilla	thunderbird	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "925D894A-1609-43FB-94FE-84B3EAB9CE72",
              "versionEndExcluding": "75.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5D6475F-6C46-4BF0-B372-900A5B9FAED5",
              "versionEndExcluding": "68.7.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF7AEB5A-A52E-45E7-AFBF-546C351A4915",
              "versionEndExcluding": "68.7.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "On 32-bit builds, an out of bounds write could have occurred when processing an image larger than 4 GB in \u003ccode\u003eGMPDecodeData\u003c/code\u003e. It is possible that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 68.7.0, Firefox ESR \u003c 68.7, and Firefox \u003c 75."
    },
    {
      "lang": "es",
      "value": "En las compilaciones de 32 bits, podr\u00eda haber ocurrido una escritura fuera de l\u00edmites al procesar una imagen de m\u00e1s de 4 GB en (code)GMPDecodeData(/code). Es posible que con suficiente esfuerzo esto podr\u00eda haber sido explotado para ejecutar c\u00f3digo arbitrario. Esta vulnerabilidad afecta a Thunderbird versiones anteriores a la versi\u00f3n 68.7.0, Firefox ESR versiones anteriores a la versi\u00f3n  68.7 y Firefox versiones anteriores a 75."
    }
  ],
  "id": "CVE-2020-6822",
  "lastModified": "2024-11-21T05:36:14.513",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-04-24T16:15:13.573",
  "references": [
    {
      "source": "security@mozilla.org",
      "tags": [
        "Issue Tracking",
        "Permissions Required"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1544181"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4335-1/"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2020-12/"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2020-13/"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2020-14/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Permissions Required"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1544181"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4335-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2020-12/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2020-13/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2020-14/"
    }
  ],
  "sourceIdentifier": "security@mozilla.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-V2MH-4GCF-6GHR

Vulnerability from github – Published: 2022-05-24 17:16 – Updated: 2022-05-24 17:16

Details

On 32-bit builds, an out of bounds write could have occurred when processing an image larger than 4 GB in GMPDecodeData. It is possible that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.7.0, Firefox ESR < 68.7, and Firefox < 75.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-6822"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-04-24T16:15:00Z",
    "severity": "MODERATE"
  },
  "details": "On 32-bit builds, an out of bounds write could have occurred when processing an image larger than 4 GB in \u003ccode\u003eGMPDecodeData\u003c/code\u003e. It is possible that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 68.7.0, Firefox ESR \u003c 68.7, and Firefox \u003c 75.",
  "id": "GHSA-v2mh-4gcf-6ghr",
  "modified": "2022-05-24T17:16:27Z",
  "published": "2022-05-24T17:16:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6822"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1544181"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4335-1"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2020-12"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2020-13"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2020-14"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2020-6822

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2020-6822

Aliases

CVE-2020-6822

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-6822",
    "description": "On 32-bit builds, an out of bounds write could have occurred when processing an image larger than 4 GB in \u003ccode\u003eGMPDecodeData\u003c/code\u003e. It is possible that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 68.7.0, Firefox ESR \u003c 68.7, and Firefox \u003c 75.",
    "id": "GSD-2020-6822",
    "references": [
      "https://www.suse.com/security/cve/CVE-2020-6822.html",
      "https://www.debian.org/security/2020/dsa-4656",
      "https://www.debian.org/security/2020/dsa-4655",
      "https://access.redhat.com/errata/RHSA-2020:1496",
      "https://access.redhat.com/errata/RHSA-2020:1495",
      "https://access.redhat.com/errata/RHSA-2020:1489",
      "https://access.redhat.com/errata/RHSA-2020:1488",
      "https://access.redhat.com/errata/RHSA-2020:1429",
      "https://access.redhat.com/errata/RHSA-2020:1420",
      "https://access.redhat.com/errata/RHSA-2020:1406",
      "https://access.redhat.com/errata/RHSA-2020:1404",
      "https://ubuntu.com/security/CVE-2020-6822",
      "https://advisories.mageia.org/CVE-2020-6822.html",
      "https://linux.oracle.com/cve/CVE-2020-6822.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-6822"
      ],
      "details": "On 32-bit builds, an out of bounds write could have occurred when processing an image larger than 4 GB in \u003ccode\u003eGMPDecodeData\u003c/code\u003e. It is possible that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 68.7.0, Firefox ESR \u003c 68.7, and Firefox \u003c 75.",
      "id": "GSD-2020-6822",
      "modified": "2023-12-13T01:21:55.295871Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@mozilla.org",
        "ID": "CVE-2020-6822",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Thunderbird",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "68.7.0"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Firefox ESR",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "68.7"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Firefox",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "75"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Mozilla"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "On 32-bit builds, an out of bounds write could have occurred when processing an image larger than 4 GB in \u003ccode\u003eGMPDecodeData\u003c/code\u003e. It is possible that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 68.7.0, Firefox ESR \u003c 68.7, and Firefox \u003c 75."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Out of bounds write in GMPDecodeData when processing large images"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.mozilla.org/security/advisories/mfsa2020-13/",
            "refsource": "MISC",
            "url": "https://www.mozilla.org/security/advisories/mfsa2020-13/"
          },
          {
            "name": "https://www.mozilla.org/security/advisories/mfsa2020-12/",
            "refsource": "MISC",
            "url": "https://www.mozilla.org/security/advisories/mfsa2020-12/"
          },
          {
            "name": "https://www.mozilla.org/security/advisories/mfsa2020-14/",
            "refsource": "MISC",
            "url": "https://www.mozilla.org/security/advisories/mfsa2020-14/"
          },
          {
            "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1544181",
            "refsource": "MISC",
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1544181"
          },
          {
            "name": "USN-4335-1",
            "refsource": "UBUNTU",
            "url": "https://usn.ubuntu.com/4335-1/"
          }
        ]
      }
    },
    "mozilla.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@mozilla.org",
        "ID": "CVE-2020-6822"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Thunderbird",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "68.7.0"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Firefox",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "75"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Firefox ESR",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "68.7"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Mozilla"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "On 32-bit builds, an out of bounds write could have occurred when processing an image larger than 4 GB in \u003ccode\u003eGMPDecodeData\u003c/code\u003e. It is possible that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 68.7.0, Firefox \u003c 75, and Firefox ESR \u003c 68.7."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Out of bounds write in GMPDecodeData when processing large images"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "url": "https://www.mozilla.org/security/advisories/mfsa2020-13/"
          },
          {
            "url": "https://www.mozilla.org/security/advisories/mfsa2020-12/"
          },
          {
            "url": "https://www.mozilla.org/security/advisories/mfsa2020-14/"
          },
          {
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1544181"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "75.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "68.7.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "68.7.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@mozilla.org",
          "ID": "CVE-2020-6822"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "On 32-bit builds, an out of bounds write could have occurred when processing an image larger than 4 GB in \u003ccode\u003eGMPDecodeData\u003c/code\u003e. It is possible that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 68.7.0, Firefox ESR \u003c 68.7, and Firefox \u003c 75."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-787"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2020-13/",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.mozilla.org/security/advisories/mfsa2020-13/"
            },
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2020-14/",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.mozilla.org/security/advisories/mfsa2020-14/"
            },
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2020-12/",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.mozilla.org/security/advisories/mfsa2020-12/"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1544181",
              "refsource": "MISC",
              "tags": [
                "Issue Tracking",
                "Permissions Required"
              ],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1544181"
            },
            {
              "name": "USN-4335-1",
              "refsource": "UBUNTU",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://usn.ubuntu.com/4335-1/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2020-05-01T13:44Z",
      "publishedDate": "2020-04-24T16:15Z"
    }
  }
}

OPENSUSE-SU-2020:0493-1

Vulnerability from csaf_opensuse - Published: 2020-04-10 06:55 - Updated: 2020-04-10 06:55

Summary

Security update for MozillaFirefox

Severity

Important

Notes

Title of the patch: Security update for MozillaFirefox

Description of the patch: This update for MozillaFirefox to version 68.7.0 ESR fixes the following issues: - CVE-2020-6821: Uninitialized memory could be read when using the WebGL copyTexSubImage method (bsc#1168874). - CVE-2020-6822: Fixed out of bounds write in GMPDecodeData when processing large images (bsc#1168874). - CVE-2020-6825: Fixed Memory safety bugs (bsc#1168874). - CVE-2020-6827: Custom Tabs could have the URI spoofed (bsc#1168874). - CVE-2020-6828: Preference overwrite via crafted Intent (bsc#1168874). This update was imported from the SUSE:SLE-15:Update update project.

Patchnames: openSUSE-2020-493

CVE-2020-6821

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected products

Recommended 6 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-68.7.0-lp151.2.42.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-branding-upstream-68.7.0-lp151.2.42.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-buildsymbols-68.7.0-lp151.2.42.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-devel-68.7.0-lp151.2.42.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-translations-common-68.7.0-lp151.2.42.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-translations-other-68.7.0-lp151.2.42.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2020-6822

6.1 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Affected products

Recommended 6 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-68.7.0-lp151.2.42.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-branding-upstream-68.7.0-lp151.2.42.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-buildsymbols-68.7.0-lp151.2.42.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-devel-68.7.0-lp151.2.42.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-translations-common-68.7.0-lp151.2.42.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-translations-other-68.7.0-lp151.2.42.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2020-6825

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 6 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-68.7.0-lp151.2.42.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-branding-upstream-68.7.0-lp151.2.42.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-buildsymbols-68.7.0-lp151.2.42.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-devel-68.7.0-lp151.2.42.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-translations-common-68.7.0-lp151.2.42.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-translations-other-68.7.0-lp151.2.42.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2020-6827

4.7 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

Affected products

Recommended 6 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-68.7.0-lp151.2.42.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-branding-upstream-68.7.0-lp151.2.42.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-buildsymbols-68.7.0-lp151.2.42.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-devel-68.7.0-lp151.2.42.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-translations-common-68.7.0-lp151.2.42.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-translations-other-68.7.0-lp151.2.42.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2020-6828

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 6 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-68.7.0-lp151.2.42.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-branding-upstream-68.7.0-lp151.2.42.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-buildsymbols-68.7.0-lp151.2.42.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-devel-68.7.0-lp151.2.42.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-translations-common-68.7.0-lp151.2.42.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-translations-other-68.7.0-lp151.2.42.1.x86_64	—	Vendor Fix

Threats

Impact important

References

23 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/o…	self
https://lists.opensuse.org/archives/list/security…	self
https://lists.opensuse.org/archives/list/security…	self
https://bugzilla.suse.com/1168874	self
https://www.suse.com/security/cve/CVE-2020-6821/	self
https://www.suse.com/security/cve/CVE-2020-6822/	self
https://www.suse.com/security/cve/CVE-2020-6825/	self
https://www.suse.com/security/cve/CVE-2020-6827/	self
https://www.suse.com/security/cve/CVE-2020-6828/	self
https://www.suse.com/security/cve/CVE-2020-6821	external
https://bugzilla.suse.com/1168630	external
https://bugzilla.suse.com/1168874	external
https://www.suse.com/security/cve/CVE-2020-6822	external
https://bugzilla.suse.com/1168630	external
https://bugzilla.suse.com/1168874	external
https://www.suse.com/security/cve/CVE-2020-6825	external
https://bugzilla.suse.com/1168630	external
https://bugzilla.suse.com/1168874	external
https://www.suse.com/security/cve/CVE-2020-6827	external
https://bugzilla.suse.com/1168874	external
https://www.suse.com/security/cve/CVE-2020-6828	external
https://bugzilla.suse.com/1168874	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for MozillaFirefox",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for MozillaFirefox to version 68.7.0 ESR fixes the following issues:\n\n- CVE-2020-6821: Uninitialized memory could be read when using the WebGL copyTexSubImage method (bsc#1168874).\n- CVE-2020-6822: Fixed out of bounds write in GMPDecodeData when processing large images (bsc#1168874).\n- CVE-2020-6825: Fixed Memory safety bugs (bsc#1168874).\n- CVE-2020-6827: Custom Tabs could have the URI spoofed (bsc#1168874).\n- CVE-2020-6828: Preference overwrite via crafted Intent (bsc#1168874).\n\nThis update was imported from the SUSE:SLE-15:Update update project.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-2020-493",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_0493-1.json"
      },
      {
        "category": "self",
        "summary": "URL for openSUSE-SU-2020:0493-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/PEPV5DHEVOPH4DSX3ID2NZZTDCDCRASS/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for openSUSE-SU-2020:0493-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/PEPV5DHEVOPH4DSX3ID2NZZTDCDCRASS/"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1168874",
        "url": "https://bugzilla.suse.com/1168874"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-6821 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-6821/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-6822 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-6822/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-6825 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-6825/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-6827 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-6827/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-6828 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-6828/"
      }
    ],
    "title": "Security update for MozillaFirefox",
    "tracking": {
      "current_release_date": "2020-04-10T06:55:38Z",
      "generator": {
        "date": "2020-04-10T06:55:38Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2020:0493-1",
      "initial_release_date": "2020-04-10T06:55:38Z",
      "revision_history": [
        {
          "date": "2020-04-10T06:55:38Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "MozillaFirefox-68.7.0-lp151.2.42.1.x86_64",
                "product": {
                  "name": "MozillaFirefox-68.7.0-lp151.2.42.1.x86_64",
                  "product_id": "MozillaFirefox-68.7.0-lp151.2.42.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-branding-upstream-68.7.0-lp151.2.42.1.x86_64",
                "product": {
                  "name": "MozillaFirefox-branding-upstream-68.7.0-lp151.2.42.1.x86_64",
                  "product_id": "MozillaFirefox-branding-upstream-68.7.0-lp151.2.42.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-buildsymbols-68.7.0-lp151.2.42.1.x86_64",
                "product": {
                  "name": "MozillaFirefox-buildsymbols-68.7.0-lp151.2.42.1.x86_64",
                  "product_id": "MozillaFirefox-buildsymbols-68.7.0-lp151.2.42.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-devel-68.7.0-lp151.2.42.1.x86_64",
                "product": {
                  "name": "MozillaFirefox-devel-68.7.0-lp151.2.42.1.x86_64",
                  "product_id": "MozillaFirefox-devel-68.7.0-lp151.2.42.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-translations-common-68.7.0-lp151.2.42.1.x86_64",
                "product": {
                  "name": "MozillaFirefox-translations-common-68.7.0-lp151.2.42.1.x86_64",
                  "product_id": "MozillaFirefox-translations-common-68.7.0-lp151.2.42.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-translations-other-68.7.0-lp151.2.42.1.x86_64",
                "product": {
                  "name": "MozillaFirefox-translations-other-68.7.0-lp151.2.42.1.x86_64",
                  "product_id": "MozillaFirefox-translations-other-68.7.0-lp151.2.42.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Leap 15.1",
                "product": {
                  "name": "openSUSE Leap 15.1",
                  "product_id": "openSUSE Leap 15.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:leap:15.1"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-68.7.0-lp151.2.42.1.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:MozillaFirefox-68.7.0-lp151.2.42.1.x86_64"
        },
        "product_reference": "MozillaFirefox-68.7.0-lp151.2.42.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-branding-upstream-68.7.0-lp151.2.42.1.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:MozillaFirefox-branding-upstream-68.7.0-lp151.2.42.1.x86_64"
        },
        "product_reference": "MozillaFirefox-branding-upstream-68.7.0-lp151.2.42.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-buildsymbols-68.7.0-lp151.2.42.1.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:MozillaFirefox-buildsymbols-68.7.0-lp151.2.42.1.x86_64"
        },
        "product_reference": "MozillaFirefox-buildsymbols-68.7.0-lp151.2.42.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-devel-68.7.0-lp151.2.42.1.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:MozillaFirefox-devel-68.7.0-lp151.2.42.1.x86_64"
        },
        "product_reference": "MozillaFirefox-devel-68.7.0-lp151.2.42.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-translations-common-68.7.0-lp151.2.42.1.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:MozillaFirefox-translations-common-68.7.0-lp151.2.42.1.x86_64"
        },
        "product_reference": "MozillaFirefox-translations-common-68.7.0-lp151.2.42.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-translations-other-68.7.0-lp151.2.42.1.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:MozillaFirefox-translations-other-68.7.0-lp151.2.42.1.x86_64"
        },
        "product_reference": "MozillaFirefox-translations-other-68.7.0-lp151.2.42.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-6821",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-6821"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "When reading from areas partially or fully outside the source resource with WebGL\u0027s \u003ccode\u003ecopyTexSubImage\u003c/code\u003e method, the specification requires the returned values be zero. Previously, this memory was uninitialized, leading to potentially sensitive data disclosure. This vulnerability affects Thunderbird \u003c 68.7.0, Firefox ESR \u003c 68.7, and Firefox \u003c 75.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.1:MozillaFirefox-68.7.0-lp151.2.42.1.x86_64",
          "openSUSE Leap 15.1:MozillaFirefox-branding-upstream-68.7.0-lp151.2.42.1.x86_64",
          "openSUSE Leap 15.1:MozillaFirefox-buildsymbols-68.7.0-lp151.2.42.1.x86_64",
          "openSUSE Leap 15.1:MozillaFirefox-devel-68.7.0-lp151.2.42.1.x86_64",
          "openSUSE Leap 15.1:MozillaFirefox-translations-common-68.7.0-lp151.2.42.1.x86_64",
          "openSUSE Leap 15.1:MozillaFirefox-translations-other-68.7.0-lp151.2.42.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-6821",
          "url": "https://www.suse.com/security/cve/CVE-2020-6821"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1168630 for CVE-2020-6821",
          "url": "https://bugzilla.suse.com/1168630"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1168874 for CVE-2020-6821",
          "url": "https://bugzilla.suse.com/1168874"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.1:MozillaFirefox-68.7.0-lp151.2.42.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-branding-upstream-68.7.0-lp151.2.42.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-buildsymbols-68.7.0-lp151.2.42.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-devel-68.7.0-lp151.2.42.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-translations-common-68.7.0-lp151.2.42.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-translations-other-68.7.0-lp151.2.42.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.1:MozillaFirefox-68.7.0-lp151.2.42.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-branding-upstream-68.7.0-lp151.2.42.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-buildsymbols-68.7.0-lp151.2.42.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-devel-68.7.0-lp151.2.42.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-translations-common-68.7.0-lp151.2.42.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-translations-other-68.7.0-lp151.2.42.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-04-10T06:55:38Z",
          "details": "important"
        }
      ],
      "title": "CVE-2020-6821"
    },
    {
      "cve": "CVE-2020-6822",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-6822"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "On 32-bit builds, an out of bounds write could have occurred when processing an image larger than 4 GB in \u003ccode\u003eGMPDecodeData\u003c/code\u003e. It is possible that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 68.7.0, Firefox ESR \u003c 68.7, and Firefox \u003c 75.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.1:MozillaFirefox-68.7.0-lp151.2.42.1.x86_64",
          "openSUSE Leap 15.1:MozillaFirefox-branding-upstream-68.7.0-lp151.2.42.1.x86_64",
          "openSUSE Leap 15.1:MozillaFirefox-buildsymbols-68.7.0-lp151.2.42.1.x86_64",
          "openSUSE Leap 15.1:MozillaFirefox-devel-68.7.0-lp151.2.42.1.x86_64",
          "openSUSE Leap 15.1:MozillaFirefox-translations-common-68.7.0-lp151.2.42.1.x86_64",
          "openSUSE Leap 15.1:MozillaFirefox-translations-other-68.7.0-lp151.2.42.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-6822",
          "url": "https://www.suse.com/security/cve/CVE-2020-6822"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1168630 for CVE-2020-6822",
          "url": "https://bugzilla.suse.com/1168630"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1168874 for CVE-2020-6822",
          "url": "https://bugzilla.suse.com/1168874"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.1:MozillaFirefox-68.7.0-lp151.2.42.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-branding-upstream-68.7.0-lp151.2.42.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-buildsymbols-68.7.0-lp151.2.42.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-devel-68.7.0-lp151.2.42.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-translations-common-68.7.0-lp151.2.42.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-translations-other-68.7.0-lp151.2.42.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.1:MozillaFirefox-68.7.0-lp151.2.42.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-branding-upstream-68.7.0-lp151.2.42.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-buildsymbols-68.7.0-lp151.2.42.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-devel-68.7.0-lp151.2.42.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-translations-common-68.7.0-lp151.2.42.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-translations-other-68.7.0-lp151.2.42.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-04-10T06:55:38Z",
          "details": "important"
        }
      ],
      "title": "CVE-2020-6822"
    },
    {
      "cve": "CVE-2020-6825",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-6825"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Mozilla developers and community members Tyson Smith and Christian Holler reported memory safety bugs present in Firefox 74 and Firefox ESR 68.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 68.7.0, Firefox ESR \u003c 68.7, and Firefox \u003c 75.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.1:MozillaFirefox-68.7.0-lp151.2.42.1.x86_64",
          "openSUSE Leap 15.1:MozillaFirefox-branding-upstream-68.7.0-lp151.2.42.1.x86_64",
          "openSUSE Leap 15.1:MozillaFirefox-buildsymbols-68.7.0-lp151.2.42.1.x86_64",
          "openSUSE Leap 15.1:MozillaFirefox-devel-68.7.0-lp151.2.42.1.x86_64",
          "openSUSE Leap 15.1:MozillaFirefox-translations-common-68.7.0-lp151.2.42.1.x86_64",
          "openSUSE Leap 15.1:MozillaFirefox-translations-other-68.7.0-lp151.2.42.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-6825",
          "url": "https://www.suse.com/security/cve/CVE-2020-6825"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1168630 for CVE-2020-6825",
          "url": "https://bugzilla.suse.com/1168630"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1168874 for CVE-2020-6825",
          "url": "https://bugzilla.suse.com/1168874"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.1:MozillaFirefox-68.7.0-lp151.2.42.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-branding-upstream-68.7.0-lp151.2.42.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-buildsymbols-68.7.0-lp151.2.42.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-devel-68.7.0-lp151.2.42.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-translations-common-68.7.0-lp151.2.42.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-translations-other-68.7.0-lp151.2.42.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.1:MozillaFirefox-68.7.0-lp151.2.42.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-branding-upstream-68.7.0-lp151.2.42.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-buildsymbols-68.7.0-lp151.2.42.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-devel-68.7.0-lp151.2.42.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-translations-common-68.7.0-lp151.2.42.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-translations-other-68.7.0-lp151.2.42.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-04-10T06:55:38Z",
          "details": "important"
        }
      ],
      "title": "CVE-2020-6825"
    },
    {
      "cve": "CVE-2020-6827",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-6827"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "When following a link that opened an intent://-schemed URL, causing a custom tab to be opened, Firefox for Android could be tricked into displaying the incorrect URI. \u003cbr\u003e *Note: This issue only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR \u003c 68.7.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.1:MozillaFirefox-68.7.0-lp151.2.42.1.x86_64",
          "openSUSE Leap 15.1:MozillaFirefox-branding-upstream-68.7.0-lp151.2.42.1.x86_64",
          "openSUSE Leap 15.1:MozillaFirefox-buildsymbols-68.7.0-lp151.2.42.1.x86_64",
          "openSUSE Leap 15.1:MozillaFirefox-devel-68.7.0-lp151.2.42.1.x86_64",
          "openSUSE Leap 15.1:MozillaFirefox-translations-common-68.7.0-lp151.2.42.1.x86_64",
          "openSUSE Leap 15.1:MozillaFirefox-translations-other-68.7.0-lp151.2.42.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-6827",
          "url": "https://www.suse.com/security/cve/CVE-2020-6827"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1168874 for CVE-2020-6827",
          "url": "https://bugzilla.suse.com/1168874"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.1:MozillaFirefox-68.7.0-lp151.2.42.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-branding-upstream-68.7.0-lp151.2.42.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-buildsymbols-68.7.0-lp151.2.42.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-devel-68.7.0-lp151.2.42.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-translations-common-68.7.0-lp151.2.42.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-translations-other-68.7.0-lp151.2.42.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.1:MozillaFirefox-68.7.0-lp151.2.42.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-branding-upstream-68.7.0-lp151.2.42.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-buildsymbols-68.7.0-lp151.2.42.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-devel-68.7.0-lp151.2.42.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-translations-common-68.7.0-lp151.2.42.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-translations-other-68.7.0-lp151.2.42.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-04-10T06:55:38Z",
          "details": "important"
        }
      ],
      "title": "CVE-2020-6827"
    },
    {
      "cve": "CVE-2020-6828",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-6828"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A malicious Android application could craft an Intent that would have been processed by Firefox for Android and potentially result in a file overwrite in the user\u0027s profile directory. One exploitation vector for this would be to supply a user.js file providing arbitrary malicious preference values. Control of arbitrary preferences can lead to sufficient compromise such that it is generally equivalent to arbitrary code execution.\u003cbr\u003e *Note: This issue only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR \u003c 68.7.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.1:MozillaFirefox-68.7.0-lp151.2.42.1.x86_64",
          "openSUSE Leap 15.1:MozillaFirefox-branding-upstream-68.7.0-lp151.2.42.1.x86_64",
          "openSUSE Leap 15.1:MozillaFirefox-buildsymbols-68.7.0-lp151.2.42.1.x86_64",
          "openSUSE Leap 15.1:MozillaFirefox-devel-68.7.0-lp151.2.42.1.x86_64",
          "openSUSE Leap 15.1:MozillaFirefox-translations-common-68.7.0-lp151.2.42.1.x86_64",
          "openSUSE Leap 15.1:MozillaFirefox-translations-other-68.7.0-lp151.2.42.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-6828",
          "url": "https://www.suse.com/security/cve/CVE-2020-6828"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1168874 for CVE-2020-6828",
          "url": "https://bugzilla.suse.com/1168874"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.1:MozillaFirefox-68.7.0-lp151.2.42.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-branding-upstream-68.7.0-lp151.2.42.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-buildsymbols-68.7.0-lp151.2.42.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-devel-68.7.0-lp151.2.42.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-translations-common-68.7.0-lp151.2.42.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-translations-other-68.7.0-lp151.2.42.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.1:MozillaFirefox-68.7.0-lp151.2.42.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-branding-upstream-68.7.0-lp151.2.42.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-buildsymbols-68.7.0-lp151.2.42.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-devel-68.7.0-lp151.2.42.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-translations-common-68.7.0-lp151.2.42.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-translations-other-68.7.0-lp151.2.42.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-04-10T06:55:38Z",
          "details": "important"
        }
      ],
      "title": "CVE-2020-6828"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-6822 (GCVE-0-2020-6822)

Solution

Solution

Solution

Solution

Tags

Sightings

Nomenclature