Vulnerability-Lookup

RHSA-2020:2613

Vulnerability from csaf_redhat - Published: 2020-06-19 03:16 - Updated: 2025-11-21 18:14

Summary

Red Hat Security Advisory: thunderbird security update

Severity

Important

Notes

Topic: An update for thunderbird is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.9.0. Security Fix(es): * Mozilla: Security downgrade with IMAP STARTTLS leads to information leakage (CVE-2020-12398) * Mozilla: Use-after-free in SharedWorkerService (CVE-2020-12405) * Mozilla: JavaScript Type confusion with NativeTypes (CVE-2020-12406) * Mozilla: Memory safety bugs fixed in Firefox 77 and Firefox ESR 68.9 (CVE-2020-12410) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2020-12398

The Mozilla Foundation Security Advisory describes this flaw as: If Thunderbird is configured to use STARTTLS for an IMAP server, and the server sends a PREAUTH response, then Thunderbird will continue with an unencrypted connection, causing email data to be sent without protection.

7.5 (High)


                        
                          CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Vendor Fix For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 All running instances of Thunderbird must be restarted for the update to take effect. https://access.redhat.com/errata/RHSA-2020:2613

CVE-2020-12405

The Mozilla Foundation Security Advisory describes this flaw as: When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash.

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE-416 - Use After Free

CVE-2020-12406

The Mozilla Foundation Security Advisory describes this flaw as: Mozilla developer Iain Ireland discovered a missing type check during unboxed objects removal, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code.

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')

CVE-2020-12410

The Mozilla Foundation Security Advisory describes this flaw as: Mozilla developers reported memory safety bugs present in Firefox 76 and Firefox ESR 68.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

References

URL

Category

	https://access.redhat.com/errata/RHSA-2020:2613	self
	https://access.redhat.com/security/updates/classi…	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1843030	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1843312	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1843313	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1846556	external
	https://security.access.redhat.com/data/csaf/v2/a…	self
	https://access.redhat.com/security/cve/CVE-2020-12398	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1846556	external
	https://www.cve.org/CVERecord?id=CVE-2020-12398	external
	https://nvd.nist.gov/vuln/detail/CVE-2020-12398	external
	https://www.mozilla.org/en-US/security/advisories…	external
	https://access.redhat.com/security/cve/CVE-2020-12405	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1843313	external
	https://www.cve.org/CVERecord?id=CVE-2020-12405	external
	https://nvd.nist.gov/vuln/detail/CVE-2020-12405	external
	https://www.mozilla.org/en-US/security/advisories…	external
	https://access.redhat.com/security/cve/CVE-2020-12406	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1843312	external
	https://www.cve.org/CVERecord?id=CVE-2020-12406	external
	https://nvd.nist.gov/vuln/detail/CVE-2020-12406	external
	https://www.mozilla.org/en-US/security/advisories…	external
	https://access.redhat.com/security/cve/CVE-2020-12410	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1843030	external
	https://www.cve.org/CVERecord?id=CVE-2020-12410	external
	https://nvd.nist.gov/vuln/detail/CVE-2020-12410	external

Acknowledgments

the Mozilla project

Damian Poddebniak

Cisco Talos Marcin 'Icewall' Noga

Iain Ireland

Tom Tung and Karl Tomlinson

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for thunderbird is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 68.9.0.\n\nSecurity Fix(es):\n\n* Mozilla: Security downgrade with IMAP STARTTLS leads to information leakage (CVE-2020-12398)\n\n* Mozilla: Use-after-free in SharedWorkerService (CVE-2020-12405)\n\n* Mozilla: JavaScript Type confusion with NativeTypes (CVE-2020-12406)\n\n* Mozilla: Memory safety bugs fixed in Firefox 77 and Firefox ESR 68.9 (CVE-2020-12410)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2020:2613",
        "url": "https://access.redhat.com/errata/RHSA-2020:2613"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "1843030",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1843030"
      },
      {
        "category": "external",
        "summary": "1843312",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1843312"
      },
      {
        "category": "external",
        "summary": "1843313",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1843313"
      },
      {
        "category": "external",
        "summary": "1846556",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1846556"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_2613.json"
      }
    ],
    "title": "Red Hat Security Advisory: thunderbird security update",
    "tracking": {
      "current_release_date": "2025-11-21T18:14:58+00:00",
      "generator": {
        "date": "2025-11-21T18:14:58+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.12"
        }
      },
      "id": "RHSA-2020:2613",
      "initial_release_date": "2020-06-19T03:16:59+00:00",
      "revision_history": [
        {
          "date": "2020-06-19T03:16:59+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2020-06-19T03:16:59+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-11-21T18:14:58+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Desktop (v. 6)",
                "product": {
                  "name": "Red Hat Enterprise Linux Desktop (v. 6)",
                  "product_id": "6Client-6.10.z",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:6::client"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server Optional (v. 6)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server Optional (v. 6)",
                  "product_id": "6Server-optional-6.10.z",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:6::server"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Workstation (v. 6)",
                "product": {
                  "name": "Red Hat Enterprise Linux Workstation (v. 6)",
                  "product_id": "6Workstation-6.10.z",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:6::workstation"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "thunderbird-0:68.9.0-1.el6_10.i686",
                "product": {
                  "name": "thunderbird-0:68.9.0-1.el6_10.i686",
                  "product_id": "thunderbird-0:68.9.0-1.el6_10.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/thunderbird@68.9.0-1.el6_10?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "thunderbird-debuginfo-0:68.9.0-1.el6_10.i686",
                "product": {
                  "name": "thunderbird-debuginfo-0:68.9.0-1.el6_10.i686",
                  "product_id": "thunderbird-debuginfo-0:68.9.0-1.el6_10.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/thunderbird-debuginfo@68.9.0-1.el6_10?arch=i686"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i686"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "thunderbird-0:68.9.0-1.el6_10.x86_64",
                "product": {
                  "name": "thunderbird-0:68.9.0-1.el6_10.x86_64",
                  "product_id": "thunderbird-0:68.9.0-1.el6_10.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/thunderbird@68.9.0-1.el6_10?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "thunderbird-debuginfo-0:68.9.0-1.el6_10.x86_64",
                "product": {
                  "name": "thunderbird-debuginfo-0:68.9.0-1.el6_10.x86_64",
                  "product_id": "thunderbird-debuginfo-0:68.9.0-1.el6_10.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/thunderbird-debuginfo@68.9.0-1.el6_10?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "thunderbird-0:68.9.0-1.el6_10.src",
                "product": {
                  "name": "thunderbird-0:68.9.0-1.el6_10.src",
                  "product_id": "thunderbird-0:68.9.0-1.el6_10.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/thunderbird@68.9.0-1.el6_10?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "thunderbird-0:68.9.0-1.el6_10.ppc64",
                "product": {
                  "name": "thunderbird-0:68.9.0-1.el6_10.ppc64",
                  "product_id": "thunderbird-0:68.9.0-1.el6_10.ppc64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/thunderbird@68.9.0-1.el6_10?arch=ppc64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "thunderbird-debuginfo-0:68.9.0-1.el6_10.ppc64",
                "product": {
                  "name": "thunderbird-debuginfo-0:68.9.0-1.el6_10.ppc64",
                  "product_id": "thunderbird-debuginfo-0:68.9.0-1.el6_10.ppc64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/thunderbird-debuginfo@68.9.0-1.el6_10?arch=ppc64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "thunderbird-0:68.9.0-1.el6_10.s390x",
                "product": {
                  "name": "thunderbird-0:68.9.0-1.el6_10.s390x",
                  "product_id": "thunderbird-0:68.9.0-1.el6_10.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/thunderbird@68.9.0-1.el6_10?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "thunderbird-debuginfo-0:68.9.0-1.el6_10.s390x",
                "product": {
                  "name": "thunderbird-debuginfo-0:68.9.0-1.el6_10.s390x",
                  "product_id": "thunderbird-debuginfo-0:68.9.0-1.el6_10.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/thunderbird-debuginfo@68.9.0-1.el6_10?arch=s390x"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "thunderbird-0:68.9.0-1.el6_10.i686 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
          "product_id": "6Client-6.10.z:thunderbird-0:68.9.0-1.el6_10.i686"
        },
        "product_reference": "thunderbird-0:68.9.0-1.el6_10.i686",
        "relates_to_product_reference": "6Client-6.10.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "thunderbird-0:68.9.0-1.el6_10.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
          "product_id": "6Client-6.10.z:thunderbird-0:68.9.0-1.el6_10.ppc64"
        },
        "product_reference": "thunderbird-0:68.9.0-1.el6_10.ppc64",
        "relates_to_product_reference": "6Client-6.10.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "thunderbird-0:68.9.0-1.el6_10.s390x as a component of Red Hat Enterprise Linux Desktop (v. 6)",
          "product_id": "6Client-6.10.z:thunderbird-0:68.9.0-1.el6_10.s390x"
        },
        "product_reference": "thunderbird-0:68.9.0-1.el6_10.s390x",
        "relates_to_product_reference": "6Client-6.10.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "thunderbird-0:68.9.0-1.el6_10.src as a component of Red Hat Enterprise Linux Desktop (v. 6)",
          "product_id": "6Client-6.10.z:thunderbird-0:68.9.0-1.el6_10.src"
        },
        "product_reference": "thunderbird-0:68.9.0-1.el6_10.src",
        "relates_to_product_reference": "6Client-6.10.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "thunderbird-0:68.9.0-1.el6_10.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
          "product_id": "6Client-6.10.z:thunderbird-0:68.9.0-1.el6_10.x86_64"
        },
        "product_reference": "thunderbird-0:68.9.0-1.el6_10.x86_64",
        "relates_to_product_reference": "6Client-6.10.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "thunderbird-debuginfo-0:68.9.0-1.el6_10.i686 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
          "product_id": "6Client-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.i686"
        },
        "product_reference": "thunderbird-debuginfo-0:68.9.0-1.el6_10.i686",
        "relates_to_product_reference": "6Client-6.10.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "thunderbird-debuginfo-0:68.9.0-1.el6_10.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
          "product_id": "6Client-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.ppc64"
        },
        "product_reference": "thunderbird-debuginfo-0:68.9.0-1.el6_10.ppc64",
        "relates_to_product_reference": "6Client-6.10.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "thunderbird-debuginfo-0:68.9.0-1.el6_10.s390x as a component of Red Hat Enterprise Linux Desktop (v. 6)",
          "product_id": "6Client-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.s390x"
        },
        "product_reference": "thunderbird-debuginfo-0:68.9.0-1.el6_10.s390x",
        "relates_to_product_reference": "6Client-6.10.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "thunderbird-debuginfo-0:68.9.0-1.el6_10.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
          "product_id": "6Client-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.x86_64"
        },
        "product_reference": "thunderbird-debuginfo-0:68.9.0-1.el6_10.x86_64",
        "relates_to_product_reference": "6Client-6.10.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "thunderbird-0:68.9.0-1.el6_10.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
          "product_id": "6Server-optional-6.10.z:thunderbird-0:68.9.0-1.el6_10.i686"
        },
        "product_reference": "thunderbird-0:68.9.0-1.el6_10.i686",
        "relates_to_product_reference": "6Server-optional-6.10.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "thunderbird-0:68.9.0-1.el6_10.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
          "product_id": "6Server-optional-6.10.z:thunderbird-0:68.9.0-1.el6_10.ppc64"
        },
        "product_reference": "thunderbird-0:68.9.0-1.el6_10.ppc64",
        "relates_to_product_reference": "6Server-optional-6.10.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "thunderbird-0:68.9.0-1.el6_10.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
          "product_id": "6Server-optional-6.10.z:thunderbird-0:68.9.0-1.el6_10.s390x"
        },
        "product_reference": "thunderbird-0:68.9.0-1.el6_10.s390x",
        "relates_to_product_reference": "6Server-optional-6.10.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "thunderbird-0:68.9.0-1.el6_10.src as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
          "product_id": "6Server-optional-6.10.z:thunderbird-0:68.9.0-1.el6_10.src"
        },
        "product_reference": "thunderbird-0:68.9.0-1.el6_10.src",
        "relates_to_product_reference": "6Server-optional-6.10.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "thunderbird-0:68.9.0-1.el6_10.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
          "product_id": "6Server-optional-6.10.z:thunderbird-0:68.9.0-1.el6_10.x86_64"
        },
        "product_reference": "thunderbird-0:68.9.0-1.el6_10.x86_64",
        "relates_to_product_reference": "6Server-optional-6.10.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "thunderbird-debuginfo-0:68.9.0-1.el6_10.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
          "product_id": "6Server-optional-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.i686"
        },
        "product_reference": "thunderbird-debuginfo-0:68.9.0-1.el6_10.i686",
        "relates_to_product_reference": "6Server-optional-6.10.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "thunderbird-debuginfo-0:68.9.0-1.el6_10.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
          "product_id": "6Server-optional-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.ppc64"
        },
        "product_reference": "thunderbird-debuginfo-0:68.9.0-1.el6_10.ppc64",
        "relates_to_product_reference": "6Server-optional-6.10.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "thunderbird-debuginfo-0:68.9.0-1.el6_10.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
          "product_id": "6Server-optional-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.s390x"
        },
        "product_reference": "thunderbird-debuginfo-0:68.9.0-1.el6_10.s390x",
        "relates_to_product_reference": "6Server-optional-6.10.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "thunderbird-debuginfo-0:68.9.0-1.el6_10.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
          "product_id": "6Server-optional-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.x86_64"
        },
        "product_reference": "thunderbird-debuginfo-0:68.9.0-1.el6_10.x86_64",
        "relates_to_product_reference": "6Server-optional-6.10.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "thunderbird-0:68.9.0-1.el6_10.i686 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
          "product_id": "6Workstation-6.10.z:thunderbird-0:68.9.0-1.el6_10.i686"
        },
        "product_reference": "thunderbird-0:68.9.0-1.el6_10.i686",
        "relates_to_product_reference": "6Workstation-6.10.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "thunderbird-0:68.9.0-1.el6_10.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
          "product_id": "6Workstation-6.10.z:thunderbird-0:68.9.0-1.el6_10.ppc64"
        },
        "product_reference": "thunderbird-0:68.9.0-1.el6_10.ppc64",
        "relates_to_product_reference": "6Workstation-6.10.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "thunderbird-0:68.9.0-1.el6_10.s390x as a component of Red Hat Enterprise Linux Workstation (v. 6)",
          "product_id": "6Workstation-6.10.z:thunderbird-0:68.9.0-1.el6_10.s390x"
        },
        "product_reference": "thunderbird-0:68.9.0-1.el6_10.s390x",
        "relates_to_product_reference": "6Workstation-6.10.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "thunderbird-0:68.9.0-1.el6_10.src as a component of Red Hat Enterprise Linux Workstation (v. 6)",
          "product_id": "6Workstation-6.10.z:thunderbird-0:68.9.0-1.el6_10.src"
        },
        "product_reference": "thunderbird-0:68.9.0-1.el6_10.src",
        "relates_to_product_reference": "6Workstation-6.10.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "thunderbird-0:68.9.0-1.el6_10.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
          "product_id": "6Workstation-6.10.z:thunderbird-0:68.9.0-1.el6_10.x86_64"
        },
        "product_reference": "thunderbird-0:68.9.0-1.el6_10.x86_64",
        "relates_to_product_reference": "6Workstation-6.10.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "thunderbird-debuginfo-0:68.9.0-1.el6_10.i686 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
          "product_id": "6Workstation-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.i686"
        },
        "product_reference": "thunderbird-debuginfo-0:68.9.0-1.el6_10.i686",
        "relates_to_product_reference": "6Workstation-6.10.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "thunderbird-debuginfo-0:68.9.0-1.el6_10.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
          "product_id": "6Workstation-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.ppc64"
        },
        "product_reference": "thunderbird-debuginfo-0:68.9.0-1.el6_10.ppc64",
        "relates_to_product_reference": "6Workstation-6.10.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "thunderbird-debuginfo-0:68.9.0-1.el6_10.s390x as a component of Red Hat Enterprise Linux Workstation (v. 6)",
          "product_id": "6Workstation-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.s390x"
        },
        "product_reference": "thunderbird-debuginfo-0:68.9.0-1.el6_10.s390x",
        "relates_to_product_reference": "6Workstation-6.10.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "thunderbird-debuginfo-0:68.9.0-1.el6_10.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
          "product_id": "6Workstation-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.x86_64"
        },
        "product_reference": "thunderbird-debuginfo-0:68.9.0-1.el6_10.x86_64",
        "relates_to_product_reference": "6Workstation-6.10.z"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "the Mozilla project"
          ]
        },
        {
          "names": [
            "Damian Poddebniak"
          ],
          "summary": "Acknowledged by upstream."
        }
      ],
      "cve": "CVE-2020-12398",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-06-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1846556"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The Mozilla Foundation Security Advisory describes this flaw as:\r\n\r\nIf Thunderbird is configured to use STARTTLS for an IMAP server, and the server sends a PREAUTH response, then Thunderbird will continue with an unencrypted connection, causing email data to be sent without protection.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Mozilla: Security downgrade with IMAP STARTTLS leads to information leakage",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Client-6.10.z:thunderbird-0:68.9.0-1.el6_10.i686",
          "6Client-6.10.z:thunderbird-0:68.9.0-1.el6_10.ppc64",
          "6Client-6.10.z:thunderbird-0:68.9.0-1.el6_10.s390x",
          "6Client-6.10.z:thunderbird-0:68.9.0-1.el6_10.src",
          "6Client-6.10.z:thunderbird-0:68.9.0-1.el6_10.x86_64",
          "6Client-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.i686",
          "6Client-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.ppc64",
          "6Client-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.s390x",
          "6Client-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.x86_64",
          "6Server-optional-6.10.z:thunderbird-0:68.9.0-1.el6_10.i686",
          "6Server-optional-6.10.z:thunderbird-0:68.9.0-1.el6_10.ppc64",
          "6Server-optional-6.10.z:thunderbird-0:68.9.0-1.el6_10.s390x",
          "6Server-optional-6.10.z:thunderbird-0:68.9.0-1.el6_10.src",
          "6Server-optional-6.10.z:thunderbird-0:68.9.0-1.el6_10.x86_64",
          "6Server-optional-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.i686",
          "6Server-optional-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.ppc64",
          "6Server-optional-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.s390x",
          "6Server-optional-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.x86_64",
          "6Workstation-6.10.z:thunderbird-0:68.9.0-1.el6_10.i686",
          "6Workstation-6.10.z:thunderbird-0:68.9.0-1.el6_10.ppc64",
          "6Workstation-6.10.z:thunderbird-0:68.9.0-1.el6_10.s390x",
          "6Workstation-6.10.z:thunderbird-0:68.9.0-1.el6_10.src",
          "6Workstation-6.10.z:thunderbird-0:68.9.0-1.el6_10.x86_64",
          "6Workstation-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.i686",
          "6Workstation-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.ppc64",
          "6Workstation-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.s390x",
          "6Workstation-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-12398"
        },
        {
          "category": "external",
          "summary": "RHBZ#1846556",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1846556"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-12398",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-12398"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-12398",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-12398"
        },
        {
          "category": "external",
          "summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-22/#CVE-2020-12398",
          "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-22/#CVE-2020-12398"
        }
      ],
      "release_date": "2020-06-02T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-06-19T03:16:59+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
          "product_ids": [
            "6Client-6.10.z:thunderbird-0:68.9.0-1.el6_10.i686",
            "6Client-6.10.z:thunderbird-0:68.9.0-1.el6_10.ppc64",
            "6Client-6.10.z:thunderbird-0:68.9.0-1.el6_10.s390x",
            "6Client-6.10.z:thunderbird-0:68.9.0-1.el6_10.src",
            "6Client-6.10.z:thunderbird-0:68.9.0-1.el6_10.x86_64",
            "6Client-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.i686",
            "6Client-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.ppc64",
            "6Client-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.s390x",
            "6Client-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.x86_64",
            "6Server-optional-6.10.z:thunderbird-0:68.9.0-1.el6_10.i686",
            "6Server-optional-6.10.z:thunderbird-0:68.9.0-1.el6_10.ppc64",
            "6Server-optional-6.10.z:thunderbird-0:68.9.0-1.el6_10.s390x",
            "6Server-optional-6.10.z:thunderbird-0:68.9.0-1.el6_10.src",
            "6Server-optional-6.10.z:thunderbird-0:68.9.0-1.el6_10.x86_64",
            "6Server-optional-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.i686",
            "6Server-optional-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.ppc64",
            "6Server-optional-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.s390x",
            "6Server-optional-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.x86_64",
            "6Workstation-6.10.z:thunderbird-0:68.9.0-1.el6_10.i686",
            "6Workstation-6.10.z:thunderbird-0:68.9.0-1.el6_10.ppc64",
            "6Workstation-6.10.z:thunderbird-0:68.9.0-1.el6_10.s390x",
            "6Workstation-6.10.z:thunderbird-0:68.9.0-1.el6_10.src",
            "6Workstation-6.10.z:thunderbird-0:68.9.0-1.el6_10.x86_64",
            "6Workstation-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.i686",
            "6Workstation-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.ppc64",
            "6Workstation-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.s390x",
            "6Workstation-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:2613"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "6Client-6.10.z:thunderbird-0:68.9.0-1.el6_10.i686",
            "6Client-6.10.z:thunderbird-0:68.9.0-1.el6_10.ppc64",
            "6Client-6.10.z:thunderbird-0:68.9.0-1.el6_10.s390x",
            "6Client-6.10.z:thunderbird-0:68.9.0-1.el6_10.src",
            "6Client-6.10.z:thunderbird-0:68.9.0-1.el6_10.x86_64",
            "6Client-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.i686",
            "6Client-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.ppc64",
            "6Client-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.s390x",
            "6Client-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.x86_64",
            "6Server-optional-6.10.z:thunderbird-0:68.9.0-1.el6_10.i686",
            "6Server-optional-6.10.z:thunderbird-0:68.9.0-1.el6_10.ppc64",
            "6Server-optional-6.10.z:thunderbird-0:68.9.0-1.el6_10.s390x",
            "6Server-optional-6.10.z:thunderbird-0:68.9.0-1.el6_10.src",
            "6Server-optional-6.10.z:thunderbird-0:68.9.0-1.el6_10.x86_64",
            "6Server-optional-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.i686",
            "6Server-optional-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.ppc64",
            "6Server-optional-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.s390x",
            "6Server-optional-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.x86_64",
            "6Workstation-6.10.z:thunderbird-0:68.9.0-1.el6_10.i686",
            "6Workstation-6.10.z:thunderbird-0:68.9.0-1.el6_10.ppc64",
            "6Workstation-6.10.z:thunderbird-0:68.9.0-1.el6_10.s390x",
            "6Workstation-6.10.z:thunderbird-0:68.9.0-1.el6_10.src",
            "6Workstation-6.10.z:thunderbird-0:68.9.0-1.el6_10.x86_64",
            "6Workstation-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.i686",
            "6Workstation-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.ppc64",
            "6Workstation-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.s390x",
            "6Workstation-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "Mozilla: Security downgrade with IMAP STARTTLS leads to information leakage"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "the Mozilla project"
          ]
        },
        {
          "names": [
            "Marcin \u0027Icewall\u0027 Noga"
          ],
          "organization": "Cisco Talos",
          "summary": "Acknowledged by upstream."
        }
      ],
      "cve": "CVE-2020-12405",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "discovery_date": "2020-06-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1843313"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The Mozilla Foundation Security Advisory describes this flaw as:\r\n\r\nWhen browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Mozilla: Use-after-free in SharedWorkerService",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Client-6.10.z:thunderbird-0:68.9.0-1.el6_10.i686",
          "6Client-6.10.z:thunderbird-0:68.9.0-1.el6_10.ppc64",
          "6Client-6.10.z:thunderbird-0:68.9.0-1.el6_10.s390x",
          "6Client-6.10.z:thunderbird-0:68.9.0-1.el6_10.src",
          "6Client-6.10.z:thunderbird-0:68.9.0-1.el6_10.x86_64",
          "6Client-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.i686",
          "6Client-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.ppc64",
          "6Client-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.s390x",
          "6Client-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.x86_64",
          "6Server-optional-6.10.z:thunderbird-0:68.9.0-1.el6_10.i686",
          "6Server-optional-6.10.z:thunderbird-0:68.9.0-1.el6_10.ppc64",
          "6Server-optional-6.10.z:thunderbird-0:68.9.0-1.el6_10.s390x",
          "6Server-optional-6.10.z:thunderbird-0:68.9.0-1.el6_10.src",
          "6Server-optional-6.10.z:thunderbird-0:68.9.0-1.el6_10.x86_64",
          "6Server-optional-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.i686",
          "6Server-optional-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.ppc64",
          "6Server-optional-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.s390x",
          "6Server-optional-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.x86_64",
          "6Workstation-6.10.z:thunderbird-0:68.9.0-1.el6_10.i686",
          "6Workstation-6.10.z:thunderbird-0:68.9.0-1.el6_10.ppc64",
          "6Workstation-6.10.z:thunderbird-0:68.9.0-1.el6_10.s390x",
          "6Workstation-6.10.z:thunderbird-0:68.9.0-1.el6_10.src",
          "6Workstation-6.10.z:thunderbird-0:68.9.0-1.el6_10.x86_64",
          "6Workstation-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.i686",
          "6Workstation-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.ppc64",
          "6Workstation-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.s390x",
          "6Workstation-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-12405"
        },
        {
          "category": "external",
          "summary": "RHBZ#1843313",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1843313"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-12405",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-12405"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-12405",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-12405"
        },
        {
          "category": "external",
          "summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-21/#CVE-2020-12405",
          "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-21/#CVE-2020-12405"
        }
      ],
      "release_date": "2020-06-02T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-06-19T03:16:59+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
          "product_ids": [
            "6Client-6.10.z:thunderbird-0:68.9.0-1.el6_10.i686",
            "6Client-6.10.z:thunderbird-0:68.9.0-1.el6_10.ppc64",
            "6Client-6.10.z:thunderbird-0:68.9.0-1.el6_10.s390x",
            "6Client-6.10.z:thunderbird-0:68.9.0-1.el6_10.src",
            "6Client-6.10.z:thunderbird-0:68.9.0-1.el6_10.x86_64",
            "6Client-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.i686",
            "6Client-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.ppc64",
            "6Client-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.s390x",
            "6Client-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.x86_64",
            "6Server-optional-6.10.z:thunderbird-0:68.9.0-1.el6_10.i686",
            "6Server-optional-6.10.z:thunderbird-0:68.9.0-1.el6_10.ppc64",
            "6Server-optional-6.10.z:thunderbird-0:68.9.0-1.el6_10.s390x",
            "6Server-optional-6.10.z:thunderbird-0:68.9.0-1.el6_10.src",
            "6Server-optional-6.10.z:thunderbird-0:68.9.0-1.el6_10.x86_64",
            "6Server-optional-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.i686",
            "6Server-optional-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.ppc64",
            "6Server-optional-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.s390x",
            "6Server-optional-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.x86_64",
            "6Workstation-6.10.z:thunderbird-0:68.9.0-1.el6_10.i686",
            "6Workstation-6.10.z:thunderbird-0:68.9.0-1.el6_10.ppc64",
            "6Workstation-6.10.z:thunderbird-0:68.9.0-1.el6_10.s390x",
            "6Workstation-6.10.z:thunderbird-0:68.9.0-1.el6_10.src",
            "6Workstation-6.10.z:thunderbird-0:68.9.0-1.el6_10.x86_64",
            "6Workstation-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.i686",
            "6Workstation-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.ppc64",
            "6Workstation-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.s390x",
            "6Workstation-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:2613"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "6Client-6.10.z:thunderbird-0:68.9.0-1.el6_10.i686",
            "6Client-6.10.z:thunderbird-0:68.9.0-1.el6_10.ppc64",
            "6Client-6.10.z:thunderbird-0:68.9.0-1.el6_10.s390x",
            "6Client-6.10.z:thunderbird-0:68.9.0-1.el6_10.src",
            "6Client-6.10.z:thunderbird-0:68.9.0-1.el6_10.x86_64",
            "6Client-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.i686",
            "6Client-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.ppc64",
            "6Client-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.s390x",
            "6Client-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.x86_64",
            "6Server-optional-6.10.z:thunderbird-0:68.9.0-1.el6_10.i686",
            "6Server-optional-6.10.z:thunderbird-0:68.9.0-1.el6_10.ppc64",
            "6Server-optional-6.10.z:thunderbird-0:68.9.0-1.el6_10.s390x",
            "6Server-optional-6.10.z:thunderbird-0:68.9.0-1.el6_10.src",
            "6Server-optional-6.10.z:thunderbird-0:68.9.0-1.el6_10.x86_64",
            "6Server-optional-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.i686",
            "6Server-optional-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.ppc64",
            "6Server-optional-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.s390x",
            "6Server-optional-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.x86_64",
            "6Workstation-6.10.z:thunderbird-0:68.9.0-1.el6_10.i686",
            "6Workstation-6.10.z:thunderbird-0:68.9.0-1.el6_10.ppc64",
            "6Workstation-6.10.z:thunderbird-0:68.9.0-1.el6_10.s390x",
            "6Workstation-6.10.z:thunderbird-0:68.9.0-1.el6_10.src",
            "6Workstation-6.10.z:thunderbird-0:68.9.0-1.el6_10.x86_64",
            "6Workstation-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.i686",
            "6Workstation-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.ppc64",
            "6Workstation-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.s390x",
            "6Workstation-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "Mozilla: Use-after-free in SharedWorkerService"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "the Mozilla project"
          ]
        },
        {
          "names": [
            "Iain Ireland"
          ],
          "summary": "Acknowledged by upstream."
        }
      ],
      "cve": "CVE-2020-12406",
      "cwe": {
        "id": "CWE-843",
        "name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
      },
      "discovery_date": "2020-06-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1843312"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The Mozilla Foundation Security Advisory describes this flaw as:\r\n\r\nMozilla developer Iain Ireland discovered a missing type check during unboxed objects removal, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Mozilla: JavaScript Type confusion with NativeTypes",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Client-6.10.z:thunderbird-0:68.9.0-1.el6_10.i686",
          "6Client-6.10.z:thunderbird-0:68.9.0-1.el6_10.ppc64",
          "6Client-6.10.z:thunderbird-0:68.9.0-1.el6_10.s390x",
          "6Client-6.10.z:thunderbird-0:68.9.0-1.el6_10.src",
          "6Client-6.10.z:thunderbird-0:68.9.0-1.el6_10.x86_64",
          "6Client-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.i686",
          "6Client-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.ppc64",
          "6Client-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.s390x",
          "6Client-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.x86_64",
          "6Server-optional-6.10.z:thunderbird-0:68.9.0-1.el6_10.i686",
          "6Server-optional-6.10.z:thunderbird-0:68.9.0-1.el6_10.ppc64",
          "6Server-optional-6.10.z:thunderbird-0:68.9.0-1.el6_10.s390x",
          "6Server-optional-6.10.z:thunderbird-0:68.9.0-1.el6_10.src",
          "6Server-optional-6.10.z:thunderbird-0:68.9.0-1.el6_10.x86_64",
          "6Server-optional-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.i686",
          "6Server-optional-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.ppc64",
          "6Server-optional-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.s390x",
          "6Server-optional-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.x86_64",
          "6Workstation-6.10.z:thunderbird-0:68.9.0-1.el6_10.i686",
          "6Workstation-6.10.z:thunderbird-0:68.9.0-1.el6_10.ppc64",
          "6Workstation-6.10.z:thunderbird-0:68.9.0-1.el6_10.s390x",
          "6Workstation-6.10.z:thunderbird-0:68.9.0-1.el6_10.src",
          "6Workstation-6.10.z:thunderbird-0:68.9.0-1.el6_10.x86_64",
          "6Workstation-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.i686",
          "6Workstation-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.ppc64",
          "6Workstation-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.s390x",
          "6Workstation-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-12406"
        },
        {
          "category": "external",
          "summary": "RHBZ#1843312",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1843312"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-12406",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-12406"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-12406",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-12406"
        },
        {
          "category": "external",
          "summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-21/#CVE-2020-12406",
          "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-21/#CVE-2020-12406"
        }
      ],
      "release_date": "2020-06-02T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-06-19T03:16:59+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
          "product_ids": [
            "6Client-6.10.z:thunderbird-0:68.9.0-1.el6_10.i686",
            "6Client-6.10.z:thunderbird-0:68.9.0-1.el6_10.ppc64",
            "6Client-6.10.z:thunderbird-0:68.9.0-1.el6_10.s390x",
            "6Client-6.10.z:thunderbird-0:68.9.0-1.el6_10.src",
            "6Client-6.10.z:thunderbird-0:68.9.0-1.el6_10.x86_64",
            "6Client-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.i686",
            "6Client-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.ppc64",
            "6Client-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.s390x",
            "6Client-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.x86_64",
            "6Server-optional-6.10.z:thunderbird-0:68.9.0-1.el6_10.i686",
            "6Server-optional-6.10.z:thunderbird-0:68.9.0-1.el6_10.ppc64",
            "6Server-optional-6.10.z:thunderbird-0:68.9.0-1.el6_10.s390x",
            "6Server-optional-6.10.z:thunderbird-0:68.9.0-1.el6_10.src",
            "6Server-optional-6.10.z:thunderbird-0:68.9.0-1.el6_10.x86_64",
            "6Server-optional-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.i686",
            "6Server-optional-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.ppc64",
            "6Server-optional-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.s390x",
            "6Server-optional-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.x86_64",
            "6Workstation-6.10.z:thunderbird-0:68.9.0-1.el6_10.i686",
            "6Workstation-6.10.z:thunderbird-0:68.9.0-1.el6_10.ppc64",
            "6Workstation-6.10.z:thunderbird-0:68.9.0-1.el6_10.s390x",
            "6Workstation-6.10.z:thunderbird-0:68.9.0-1.el6_10.src",
            "6Workstation-6.10.z:thunderbird-0:68.9.0-1.el6_10.x86_64",
            "6Workstation-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.i686",
            "6Workstation-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.ppc64",
            "6Workstation-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.s390x",
            "6Workstation-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:2613"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "6Client-6.10.z:thunderbird-0:68.9.0-1.el6_10.i686",
            "6Client-6.10.z:thunderbird-0:68.9.0-1.el6_10.ppc64",
            "6Client-6.10.z:thunderbird-0:68.9.0-1.el6_10.s390x",
            "6Client-6.10.z:thunderbird-0:68.9.0-1.el6_10.src",
            "6Client-6.10.z:thunderbird-0:68.9.0-1.el6_10.x86_64",
            "6Client-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.i686",
            "6Client-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.ppc64",
            "6Client-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.s390x",
            "6Client-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.x86_64",
            "6Server-optional-6.10.z:thunderbird-0:68.9.0-1.el6_10.i686",
            "6Server-optional-6.10.z:thunderbird-0:68.9.0-1.el6_10.ppc64",
            "6Server-optional-6.10.z:thunderbird-0:68.9.0-1.el6_10.s390x",
            "6Server-optional-6.10.z:thunderbird-0:68.9.0-1.el6_10.src",
            "6Server-optional-6.10.z:thunderbird-0:68.9.0-1.el6_10.x86_64",
            "6Server-optional-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.i686",
            "6Server-optional-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.ppc64",
            "6Server-optional-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.s390x",
            "6Server-optional-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.x86_64",
            "6Workstation-6.10.z:thunderbird-0:68.9.0-1.el6_10.i686",
            "6Workstation-6.10.z:thunderbird-0:68.9.0-1.el6_10.ppc64",
            "6Workstation-6.10.z:thunderbird-0:68.9.0-1.el6_10.s390x",
            "6Workstation-6.10.z:thunderbird-0:68.9.0-1.el6_10.src",
            "6Workstation-6.10.z:thunderbird-0:68.9.0-1.el6_10.x86_64",
            "6Workstation-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.i686",
            "6Workstation-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.ppc64",
            "6Workstation-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.s390x",
            "6Workstation-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "Mozilla: JavaScript Type confusion with NativeTypes"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "the Mozilla project"
          ]
        },
        {
          "names": [
            "Tom Tung and Karl Tomlinson"
          ],
          "summary": "Acknowledged by upstream."
        }
      ],
      "cve": "CVE-2020-12410",
      "cwe": {
        "id": "CWE-120",
        "name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
      },
      "discovery_date": "2020-06-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1843030"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The Mozilla Foundation Security Advisory describes this flaw as:\r\n\r\nMozilla developers reported memory safety bugs present in Firefox 76 and Firefox ESR 68.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Mozilla: Memory safety bugs fixed in Firefox 77 and Firefox ESR 68.9",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Client-6.10.z:thunderbird-0:68.9.0-1.el6_10.i686",
          "6Client-6.10.z:thunderbird-0:68.9.0-1.el6_10.ppc64",
          "6Client-6.10.z:thunderbird-0:68.9.0-1.el6_10.s390x",
          "6Client-6.10.z:thunderbird-0:68.9.0-1.el6_10.src",
          "6Client-6.10.z:thunderbird-0:68.9.0-1.el6_10.x86_64",
          "6Client-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.i686",
          "6Client-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.ppc64",
          "6Client-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.s390x",
          "6Client-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.x86_64",
          "6Server-optional-6.10.z:thunderbird-0:68.9.0-1.el6_10.i686",
          "6Server-optional-6.10.z:thunderbird-0:68.9.0-1.el6_10.ppc64",
          "6Server-optional-6.10.z:thunderbird-0:68.9.0-1.el6_10.s390x",
          "6Server-optional-6.10.z:thunderbird-0:68.9.0-1.el6_10.src",
          "6Server-optional-6.10.z:thunderbird-0:68.9.0-1.el6_10.x86_64",
          "6Server-optional-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.i686",
          "6Server-optional-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.ppc64",
          "6Server-optional-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.s390x",
          "6Server-optional-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.x86_64",
          "6Workstation-6.10.z:thunderbird-0:68.9.0-1.el6_10.i686",
          "6Workstation-6.10.z:thunderbird-0:68.9.0-1.el6_10.ppc64",
          "6Workstation-6.10.z:thunderbird-0:68.9.0-1.el6_10.s390x",
          "6Workstation-6.10.z:thunderbird-0:68.9.0-1.el6_10.src",
          "6Workstation-6.10.z:thunderbird-0:68.9.0-1.el6_10.x86_64",
          "6Workstation-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.i686",
          "6Workstation-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.ppc64",
          "6Workstation-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.s390x",
          "6Workstation-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-12410"
        },
        {
          "category": "external",
          "summary": "RHBZ#1843030",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1843030"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-12410",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-12410"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-12410",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-12410"
        },
        {
          "category": "external",
          "summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-21/#CVE-2020-12405",
          "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-21/#CVE-2020-12405"
        }
      ],
      "release_date": "2020-06-02T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-06-19T03:16:59+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
          "product_ids": [
            "6Client-6.10.z:thunderbird-0:68.9.0-1.el6_10.i686",
            "6Client-6.10.z:thunderbird-0:68.9.0-1.el6_10.ppc64",
            "6Client-6.10.z:thunderbird-0:68.9.0-1.el6_10.s390x",
            "6Client-6.10.z:thunderbird-0:68.9.0-1.el6_10.src",
            "6Client-6.10.z:thunderbird-0:68.9.0-1.el6_10.x86_64",
            "6Client-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.i686",
            "6Client-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.ppc64",
            "6Client-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.s390x",
            "6Client-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.x86_64",
            "6Server-optional-6.10.z:thunderbird-0:68.9.0-1.el6_10.i686",
            "6Server-optional-6.10.z:thunderbird-0:68.9.0-1.el6_10.ppc64",
            "6Server-optional-6.10.z:thunderbird-0:68.9.0-1.el6_10.s390x",
            "6Server-optional-6.10.z:thunderbird-0:68.9.0-1.el6_10.src",
            "6Server-optional-6.10.z:thunderbird-0:68.9.0-1.el6_10.x86_64",
            "6Server-optional-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.i686",
            "6Server-optional-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.ppc64",
            "6Server-optional-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.s390x",
            "6Server-optional-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.x86_64",
            "6Workstation-6.10.z:thunderbird-0:68.9.0-1.el6_10.i686",
            "6Workstation-6.10.z:thunderbird-0:68.9.0-1.el6_10.ppc64",
            "6Workstation-6.10.z:thunderbird-0:68.9.0-1.el6_10.s390x",
            "6Workstation-6.10.z:thunderbird-0:68.9.0-1.el6_10.src",
            "6Workstation-6.10.z:thunderbird-0:68.9.0-1.el6_10.x86_64",
            "6Workstation-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.i686",
            "6Workstation-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.ppc64",
            "6Workstation-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.s390x",
            "6Workstation-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:2613"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "6Client-6.10.z:thunderbird-0:68.9.0-1.el6_10.i686",
            "6Client-6.10.z:thunderbird-0:68.9.0-1.el6_10.ppc64",
            "6Client-6.10.z:thunderbird-0:68.9.0-1.el6_10.s390x",
            "6Client-6.10.z:thunderbird-0:68.9.0-1.el6_10.src",
            "6Client-6.10.z:thunderbird-0:68.9.0-1.el6_10.x86_64",
            "6Client-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.i686",
            "6Client-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.ppc64",
            "6Client-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.s390x",
            "6Client-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.x86_64",
            "6Server-optional-6.10.z:thunderbird-0:68.9.0-1.el6_10.i686",
            "6Server-optional-6.10.z:thunderbird-0:68.9.0-1.el6_10.ppc64",
            "6Server-optional-6.10.z:thunderbird-0:68.9.0-1.el6_10.s390x",
            "6Server-optional-6.10.z:thunderbird-0:68.9.0-1.el6_10.src",
            "6Server-optional-6.10.z:thunderbird-0:68.9.0-1.el6_10.x86_64",
            "6Server-optional-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.i686",
            "6Server-optional-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.ppc64",
            "6Server-optional-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.s390x",
            "6Server-optional-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.x86_64",
            "6Workstation-6.10.z:thunderbird-0:68.9.0-1.el6_10.i686",
            "6Workstation-6.10.z:thunderbird-0:68.9.0-1.el6_10.ppc64",
            "6Workstation-6.10.z:thunderbird-0:68.9.0-1.el6_10.s390x",
            "6Workstation-6.10.z:thunderbird-0:68.9.0-1.el6_10.src",
            "6Workstation-6.10.z:thunderbird-0:68.9.0-1.el6_10.x86_64",
            "6Workstation-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.i686",
            "6Workstation-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.ppc64",
            "6Workstation-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.s390x",
            "6Workstation-6.10.z:thunderbird-debuginfo-0:68.9.0-1.el6_10.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "Mozilla: Memory safety bugs fixed in Firefox 77 and Firefox ESR 68.9"
    }
  ]
}

CVE-2020-12410 (GCVE-0-2020-12410)

Vulnerability from cvelistv5 – Published: 2020-07-09 14:45 – Updated: 2024-08-04 11:56

Summary

Mozilla developers reported memory safety bugs present in Firefox 76 and Firefox ESR 68.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.

Severity ?

No CVSS data available.

CWE

Memory safety bugs fixed in Firefox 77 and Firefox ESR 68.9

Assigner

mozilla

References

URL

Tags

	https://www.mozilla.org/security/advisories/mfsa2…	x_refsource_MISC
	https://www.mozilla.org/security/advisories/mfsa2…	x_refsource_MISC
	https://www.mozilla.org/security/advisories/mfsa2…	x_refsource_MISC
	https://bugzilla.mozilla.org/buglist.cgi?bug_id=1…	x_refsource_MISC
	https://usn.ubuntu.com/4421-1/	vendor-advisoryx_refsource_UBUNTU

Impacted products

Vendor

Product

Version

Mozilla

Thunderbird

Affected: unspecified , < 68.9.0 (custom)

	Mozilla	Firefox	Affected: unspecified , < 77 (custom)
	Mozilla	Firefox ESR	Affected: unspecified , < 68.9 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:56:51.579Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2020-20/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2020-21/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2020-22/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1619305%2C1632717"
          },
          {
            "name": "USN-4421-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4421-1/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "68.9.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "77",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "68.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Mozilla developers reported memory safety bugs present in Firefox 76 and Firefox ESR 68.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 68.9.0, Firefox \u003c 77, and Firefox ESR \u003c 68.9."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Memory safety bugs fixed in Firefox 77 and Firefox ESR 68.9",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-07-22T15:06:09.000Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.mozilla.org/security/advisories/mfsa2020-20/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.mozilla.org/security/advisories/mfsa2020-21/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.mozilla.org/security/advisories/mfsa2020-22/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1619305%2C1632717"
        },
        {
          "name": "USN-4421-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4421-1/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@mozilla.org",
          "ID": "CVE-2020-12410",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Thunderbird",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "68.9.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Firefox",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "77"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Firefox ESR",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "68.9"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Mozilla"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Mozilla developers reported memory safety bugs present in Firefox 76 and Firefox ESR 68.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 68.9.0, Firefox \u003c 77, and Firefox ESR \u003c 68.9."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Memory safety bugs fixed in Firefox 77 and Firefox ESR 68.9"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2020-20/",
              "refsource": "MISC",
              "url": "https://www.mozilla.org/security/advisories/mfsa2020-20/"
            },
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2020-21/",
              "refsource": "MISC",
              "url": "https://www.mozilla.org/security/advisories/mfsa2020-21/"
            },
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2020-22/",
              "refsource": "MISC",
              "url": "https://www.mozilla.org/security/advisories/mfsa2020-22/"
            },
            {
              "name": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1619305%2C1632717",
              "refsource": "MISC",
              "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1619305%2C1632717"
            },
            {
              "name": "USN-4421-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4421-1/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2020-12410",
    "datePublished": "2020-07-09T14:45:30.000Z",
    "dateReserved": "2020-04-28T00:00:00.000Z",
    "dateUpdated": "2024-08-04T11:56:51.579Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-12405 (GCVE-0-2020-12405)

Vulnerability from cvelistv5 – Published: 2020-07-09 14:45 – Updated: 2024-08-04 11:56

Summary

When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.

Severity ?

No CVSS data available.

CWE

Use-after-free in SharedWorkerService

Assigner

mozilla

References

URL

Tags

	https://www.mozilla.org/security/advisories/mfsa2…	x_refsource_MISC
	https://www.mozilla.org/security/advisories/mfsa2…	x_refsource_MISC
	https://www.mozilla.org/security/advisories/mfsa2…	x_refsource_MISC
	https://bugzilla.mozilla.org/show_bug.cgi?id=1631618	x_refsource_MISC
	https://usn.ubuntu.com/4421-1/	vendor-advisoryx_refsource_UBUNTU

Impacted products

Vendor

Product

Version

Mozilla

Thunderbird

Affected: unspecified , < 68.9.0 (custom)

	Mozilla	Firefox	Affected: unspecified , < 77 (custom)
	Mozilla	Firefox ESR	Affected: unspecified , < 68.9 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:56:51.680Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2020-20/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2020-21/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2020-22/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1631618"
          },
          {
            "name": "USN-4421-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4421-1/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "68.9.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "77",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "68.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 68.9.0, Firefox \u003c 77, and Firefox ESR \u003c 68.9."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Use-after-free in SharedWorkerService",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-07-22T15:06:09.000Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.mozilla.org/security/advisories/mfsa2020-20/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.mozilla.org/security/advisories/mfsa2020-21/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.mozilla.org/security/advisories/mfsa2020-22/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1631618"
        },
        {
          "name": "USN-4421-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4421-1/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@mozilla.org",
          "ID": "CVE-2020-12405",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Thunderbird",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "68.9.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Firefox",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "77"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Firefox ESR",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "68.9"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Mozilla"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 68.9.0, Firefox \u003c 77, and Firefox ESR \u003c 68.9."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Use-after-free in SharedWorkerService"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2020-20/",
              "refsource": "MISC",
              "url": "https://www.mozilla.org/security/advisories/mfsa2020-20/"
            },
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2020-21/",
              "refsource": "MISC",
              "url": "https://www.mozilla.org/security/advisories/mfsa2020-21/"
            },
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2020-22/",
              "refsource": "MISC",
              "url": "https://www.mozilla.org/security/advisories/mfsa2020-22/"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1631618",
              "refsource": "MISC",
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1631618"
            },
            {
              "name": "USN-4421-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4421-1/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2020-12405",
    "datePublished": "2020-07-09T14:45:23.000Z",
    "dateReserved": "2020-04-28T00:00:00.000Z",
    "dateUpdated": "2024-08-04T11:56:51.680Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-12398 (GCVE-0-2020-12398)

Vulnerability from cvelistv5 – Published: 2020-07-09 14:45 – Updated: 2024-08-04 11:56

Summary

If Thunderbird is configured to use STARTTLS for an IMAP server, and the server sends a PREAUTH response, then Thunderbird will continue with an unencrypted connection, causing email data to be sent without protection. This vulnerability affects Thunderbird < 68.9.0.

Severity ?

No CVSS data available.

CWE

Security downgrade with IMAP STARTTLS leads to information leakage

Assigner

mozilla

References

URL

Tags

	https://www.mozilla.org/security/advisories/mfsa2…	x_refsource_MISC
	https://bugzilla.mozilla.org/show_bug.cgi?id=1613623	x_refsource_MISC
	https://usn.ubuntu.com/4421-1/	vendor-advisoryx_refsource_UBUNTU

Impacted products

	Vendor	Product	Version
	Mozilla	Thunderbird	Affected: unspecified , < 68.9.0 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:56:52.019Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2020-22/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1613623"
          },
          {
            "name": "USN-4421-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4421-1/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "68.9.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "If Thunderbird is configured to use STARTTLS for an IMAP server, and the server sends a PREAUTH response, then Thunderbird will continue with an unencrypted connection, causing email data to be sent without protection. This vulnerability affects Thunderbird \u003c 68.9.0."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Security downgrade with IMAP STARTTLS leads to information leakage",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-07-22T15:06:15.000Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.mozilla.org/security/advisories/mfsa2020-22/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1613623"
        },
        {
          "name": "USN-4421-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4421-1/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@mozilla.org",
          "ID": "CVE-2020-12398",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Thunderbird",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "68.9.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Mozilla"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "If Thunderbird is configured to use STARTTLS for an IMAP server, and the server sends a PREAUTH response, then Thunderbird will continue with an unencrypted connection, causing email data to be sent without protection. This vulnerability affects Thunderbird \u003c 68.9.0."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Security downgrade with IMAP STARTTLS leads to information leakage"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2020-22/",
              "refsource": "MISC",
              "url": "https://www.mozilla.org/security/advisories/mfsa2020-22/"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1613623",
              "refsource": "MISC",
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1613623"
            },
            {
              "name": "USN-4421-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4421-1/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2020-12398",
    "datePublished": "2020-07-09T14:45:35.000Z",
    "dateReserved": "2020-04-28T00:00:00.000Z",
    "dateUpdated": "2024-08-04T11:56:52.019Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-12406 (GCVE-0-2020-12406)

Vulnerability from cvelistv5 – Published: 2020-07-09 14:45 – Updated: 2024-08-04 11:56

Summary

Mozilla Developer Iain Ireland discovered a missing type check during unboxed objects removal, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.

Severity ?

No CVSS data available.

CWE

JavaScript type confusion with NativeTypes

Assigner

mozilla

References

URL

Tags

	https://www.mozilla.org/security/advisories/mfsa2…	x_refsource_MISC
	https://www.mozilla.org/security/advisories/mfsa2…	x_refsource_MISC
	https://www.mozilla.org/security/advisories/mfsa2…	x_refsource_MISC
	https://bugzilla.mozilla.org/show_bug.cgi?id=1639590	x_refsource_MISC
	https://usn.ubuntu.com/4421-1/	vendor-advisoryx_refsource_UBUNTU

Impacted products

Vendor

Product

Version

Mozilla

Thunderbird

Affected: unspecified , < 68.9.0 (custom)

	Mozilla	Firefox	Affected: unspecified , < 77 (custom)
	Mozilla	Firefox ESR	Affected: unspecified , < 68.9 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:56:51.745Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2020-20/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2020-21/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2020-22/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1639590"
          },
          {
            "name": "USN-4421-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4421-1/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "68.9.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "77",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "68.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Mozilla Developer Iain Ireland discovered a missing type check during unboxed objects removal, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 68.9.0, Firefox \u003c 77, and Firefox ESR \u003c 68.9."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "JavaScript type confusion with NativeTypes",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-07-22T15:06:11.000Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.mozilla.org/security/advisories/mfsa2020-20/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.mozilla.org/security/advisories/mfsa2020-21/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.mozilla.org/security/advisories/mfsa2020-22/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1639590"
        },
        {
          "name": "USN-4421-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4421-1/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@mozilla.org",
          "ID": "CVE-2020-12406",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Thunderbird",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "68.9.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Firefox",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "77"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Firefox ESR",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "68.9"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Mozilla"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Mozilla Developer Iain Ireland discovered a missing type check during unboxed objects removal, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 68.9.0, Firefox \u003c 77, and Firefox ESR \u003c 68.9."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "JavaScript type confusion with NativeTypes"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2020-20/",
              "refsource": "MISC",
              "url": "https://www.mozilla.org/security/advisories/mfsa2020-20/"
            },
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2020-21/",
              "refsource": "MISC",
              "url": "https://www.mozilla.org/security/advisories/mfsa2020-21/"
            },
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2020-22/",
              "refsource": "MISC",
              "url": "https://www.mozilla.org/security/advisories/mfsa2020-22/"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1639590",
              "refsource": "MISC",
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1639590"
            },
            {
              "name": "USN-4421-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4421-1/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2020-12406",
    "datePublished": "2020-07-09T14:45:21.000Z",
    "dateReserved": "2020-04-28T00:00:00.000Z",
    "dateUpdated": "2024-08-04T11:56:51.745Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

RHSA-2020:2613

CVE-2020-12410 (GCVE-0-2020-12410)

CVE-2020-12405 (GCVE-0-2020-12405)

CVE-2020-12398 (GCVE-0-2020-12398)

CVE-2020-12406 (GCVE-0-2020-12406)

Tags

Sightings

Nomenclature