{"containers": {"cna": {"affected": [{"product": "Thunderbird", "vendor": "Mozilla", "versions": [{"lessThan": "68.7.0", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "Firefox", "vendor": "Mozilla", "versions": [{"lessThan": "74.0.1", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "Firefox ESR", "vendor": "Mozilla", "versions": [{"lessThan": "68.6.1", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Under certain conditions, when running the nsDocShell destructor, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Thunderbird < 68.7.0, Firefox < 74.0.1, and Firefox ESR < 68.6.1."}], "problemTypes": [{"descriptions": [{"description": "Use-after-free while running the nsDocShell destructor", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-04-29T02:06:57.000Z", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.mozilla.org/security/advisories/mfsa2020-14/"}, {"tags": ["x_refsource_MISC"], "url": "https://www.mozilla.org/security/advisories/mfsa2020-11/"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1620818"}, {"name": "USN-4335-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4335-1/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "[email protected]", "ID": "CVE-2020-6819", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Thunderbird", "version": {"version_data": [{"version_affected": "<", "version_value": "68.7.0"}]}}, {"product_name": "Firefox", "version": {"version_data": [{"version_affected": "<", "version_value": "74.0.1"}]}}, {"product_name": "Firefox ESR", "version": {"version_data": [{"version_affected": "<", "version_value": "68.6.1"}]}}]}, "vendor_name": "Mozilla"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Under certain conditions, when running the nsDocShell destructor, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Thunderbird < 68.7.0, Firefox < 74.0.1, and Firefox ESR < 68.6.1."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Use-after-free while running the nsDocShell destructor"}]}]}, "references": {"reference_data": [{"name": "https://www.mozilla.org/security/advisories/mfsa2020-14/", "refsource": "MISC", "url": "https://www.mozilla.org/security/advisories/mfsa2020-14/"}, {"name": "https://www.mozilla.org/security/advisories/mfsa2020-11/", "refsource": "MISC", "url": "https://www.mozilla.org/security/advisories/mfsa2020-11/"}, {"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1620818", "refsource": "MISC", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1620818"}, {"name": "USN-4335-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4335-1/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T09:11:05.160Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.mozilla.org/security/advisories/mfsa2020-14/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.mozilla.org/security/advisories/mfsa2020-11/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1620818"}, {"name": "USN-4335-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4335-1/"}]}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2020-6819", "role": "CISA Coordinator", "options": [{"Exploitation": "active"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-02-07T12:49:39.565251Z"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2021-11-03", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-6819"}}}], "references": [{"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-6819", "tags": ["government-resource"]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-416", "description": "CWE-416 Use After Free"}]}], "timeline": [{"time": "2021-11-03T00:00:00+00:00", "lang": "en", "value": "CVE-2020-6819 added to CISA KEV"}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-21T23:35:45.566Z"}}]}, "cveMetadata": {"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2020-6819", "datePublished": "2020-04-24T15:56:56.000Z", "dateReserved": "2020-01-10T00:00:00.000Z", "dateUpdated": "2025-10-21T23:35:45.566Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"containers": {"cna": {"affected": [{"product": "Thunderbird", "vendor": "Mozilla", "versions": [{"lessThan": "68.7.0", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "Firefox", "vendor": "Mozilla", "versions": [{"lessThan": "74.0.1", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "Firefox ESR", "vendor": "Mozilla", "versions": [{"lessThan": "68.6.1", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Under certain conditions, when running the nsDocShell destructor, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Thunderbird < 68.7.0, Firefox < 74.0.1, and Firefox ESR < 68.6.1."}], "problemTypes": [{"descriptions": [{"description": "Use-after-free while running the nsDocShell destructor", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-04-29T02:06:57.000Z", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.mozilla.org/security/advisories/mfsa2020-14/"}, {"tags": ["x_refsource_MISC"], "url": "https://www.mozilla.org/security/advisories/mfsa2020-11/"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1620818"}, {"name": "USN-4335-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4335-1/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "[email protected]", "ID": "CVE-2020-6819", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Thunderbird", "version": {"version_data": [{"version_affected": "<", "version_value": "68.7.0"}]}}, {"product_name": "Firefox", "version": {"version_data": [{"version_affected": "<", "version_value": "74.0.1"}]}}, {"product_name": "Firefox ESR", "version": {"version_data": [{"version_affected": "<", "version_value": "68.6.1"}]}}]}, "vendor_name": "Mozilla"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Under certain conditions, when running the nsDocShell destructor, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Thunderbird < 68.7.0, Firefox < 74.0.1, and Firefox ESR < 68.6.1."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Use-after-free while running the nsDocShell destructor"}]}]}, "references": {"reference_data": [{"name": "https://www.mozilla.org/security/advisories/mfsa2020-14/", "refsource": "MISC", "url": "https://www.mozilla.org/security/advisories/mfsa2020-14/"}, {"name": "https://www.mozilla.org/security/advisories/mfsa2020-11/", "refsource": "MISC", "url": "https://www.mozilla.org/security/advisories/mfsa2020-11/"}, {"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1620818", "refsource": "MISC", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1620818"}, {"name": "USN-4335-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4335-1/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T09:11:05.160Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.mozilla.org/security/advisories/mfsa2020-14/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.mozilla.org/security/advisories/mfsa2020-11/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1620818"}, {"name": "USN-4335-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4335-1/"}]}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2020-6819", "role": "CISA Coordinator", "options": [{"Exploitation": "active"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-02-07T12:49:39.565251Z"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2021-11-03", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-6819"}}}], "references": [{"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-6819", "tags": ["government-resource"]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-416", "description": "CWE-416 Use After Free"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-07T12:46:18.782Z"}, "timeline": [{"time": "2021-11-03T00:00:00+00:00", "lang": "en", "value": "CVE-2020-6819 added to CISA KEV"}], "title": "CISA ADP Vulnrichment"}]}, "cveMetadata": {"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2020-6819", "datePublished": "2020-04-24T15:56:56.000Z", "dateReserved": "2020-01-10T00:00:00.000Z", "dateUpdated": "2025-10-21T19:54:33.072Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"cisaActionDue": "2022-05-03", "cisaExploitAdd": "2021-11-03", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "Mozilla Firefox And Thunderbird Use-After-Free Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*", "matchCriteriaId": "A733A9CB-A031-4A8A-9580-8E262B6956B1", "versionEndExcluding": "68.6.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*", "matchCriteriaId": "420A3EDF-5443-45D9-BF32-FA964184832A", "versionEndExcluding": "74.0.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "matchCriteriaId": "CF7AEB5A-A52E-45E7-AFBF-546C351A4915", "versionEndExcluding": "68.7.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Under certain conditions, when running the nsDocShell destructor, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Thunderbird < 68.7.0, Firefox < 74.0.1, and Firefox ESR < 68.6.1."}, {"lang": "es", "value": "Bajo determinadas condiciones, cuando se ejecuta el destructor nsDocShell, una condici\u00f3n de carrera puede causar un uso de la memoria previamente liberada. Somos conscientes de los ataques dirigidos \"in the wild\" que abusan de este fallo. Esta vulnerabilidad afecta a Thunderbird versiones anteriores a 68.7.0, Firefox versiones anteriores a 74.0.1 y Firefox ESR versiones anteriores a 68.6.1."}], "id": "CVE-2020-6819", "lastModified": "2025-11-04T14:34:52.090", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "[email protected]", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2020-04-24T16:15:13.370", "references": [{"source": "[email protected]", "tags": ["Exploit", "Issue Tracking"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1620818"}, {"source": "[email protected]", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4335-1/"}, {"source": "[email protected]", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2020-11/"}, {"source": "[email protected]", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2020-14/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1620818"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4335-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2020-11/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2020-14/"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["US Government Resource"], "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-6819"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-362"}, {"lang": "en", "value": "CWE-416"}], "source": "[email protected]", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-416"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Francisco Alonso and Javier Marcos as the original reporter.", "affected_release": [{"advisory": "RHSA-2020:1339", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "firefox-0:68.6.1-1.el6_10", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2020-04-07T00:00:00Z"}, {"advisory": "RHSA-2020:1488", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "thunderbird-0:68.7.0-1.el6_10", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2020-04-16T00:00:00Z"}, {"advisory": "RHSA-2020:1338", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "firefox-0:68.6.1-1.el7_8", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2020-04-07T00:00:00Z"}, {"advisory": "RHSA-2020:1489", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "thunderbird-0:68.7.0-1.el7_8", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2020-04-16T00:00:00Z"}, {"advisory": "RHSA-2020:1341", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "firefox-0:68.6.1-1.el8_1", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-04-07T00:00:00Z"}, {"advisory": "RHSA-2020:1495", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "thunderbird-0:68.7.0-1.el8_1", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-04-16T00:00:00Z"}, {"advisory": "RHSA-2020:1340", "cpe": "cpe:/a:redhat:rhel_e4s:8.0", "package": "firefox-0:68.6.1-1.el8_0", "product_name": "Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions", "release_date": "2020-04-07T00:00:00Z"}, {"advisory": "RHSA-2020:1496", "cpe": "cpe:/a:redhat:rhel_e4s:8.0", "package": "thunderbird-0:68.7.0-1.el8_0", "product_name": "Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions", "release_date": "2020-04-16T00:00:00Z"}], "bugzilla": {"description": "Mozilla: Use-after-free while running the nsDocShell destructor", "id": "1820869", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1820869"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.8", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-416", "details": ["Under certain conditions, when running the nsDocShell destructor, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Thunderbird < 68.7.0, Firefox < 74.0.1, and Firefox ESR < 68.6.1.", "A flaw was found in Mozilla Firefox. A race condition can occur while running the nsDocShell destructor causing a use-after-free memory issue. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."], "name": "CVE-2020-6819", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Out of support scope", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Out of support scope", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 5"}], "public_date": "2020-04-03T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-6819\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-6819\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-11/#CVE-2020-6819\nhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog"], "threat_severity": "Critical"}