nvd-json-data-feeds/CVE-2020/CVE-2020-68xx/CVE-2020-6819.json

{
  "id": "CVE-2020-6819",
  "sourceIdentifier": "security@mozilla.org",
  "published": "2020-04-24T16:15:13.370",
  "lastModified": "2022-07-12T17:42:04.277",
  "vulnStatus": "Analyzed",
  "cisaExploitAdd": "2021-11-03",
  "cisaActionDue": "2022-05-03",
  "cisaRequiredAction": "Apply updates per vendor instructions.",
  "cisaVulnerabilityName": "Mozilla Firefox 74 and Firefox ESR 68.6 nsDocShell vulnerability",
  "descriptions": [
    {
      "lang": "en",
      "value": "Under certain conditions, when running the nsDocShell destructor, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Thunderbird < 68.7.0, Firefox < 74.0.1, and Firefox ESR < 68.6.1."
    },
    {
      "lang": "es",
      "value": "Bajo determinadas condiciones, cuando se ejecuta el destructor nsDocShell, una condici\u00f3n de carrera puede causar un uso de la memoria previamente liberada. Somos conscientes de los ataques dirigidos \"in the wild\" que abusan de este fallo. Esta vulnerabilidad afecta a Thunderbird versiones anteriores a 68.7.0, Firefox versiones anteriores a 74.0.1 y Firefox ESR versiones anteriores a 68.6.1."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "HIGH",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 8.1,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 5.9
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "accessVector": "NETWORK",
          "accessComplexity": "MEDIUM",
          "authentication": "NONE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-362"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
              "versionEndExcluding": "74.0.1",
              "matchCriteriaId": "781555D1-8E31-4BD3-9C51-40D7B43C9130"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
              "versionEndExcluding": "68.6.1",
              "matchCriteriaId": "DF6BBA3E-8B43-4D39-BE34-9D3E3A6A10CB"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
              "versionEndExcluding": "68.7.0",
              "matchCriteriaId": "CF7AEB5A-A52E-45E7-AFBF-546C351A4915"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1620818",
      "source": "security@mozilla.org",
      "tags": [
        "Issue Tracking",
        "Permissions Required"
      ]
    },
    {
      "url": "https://usn.ubuntu.com/4335-1/",
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory"
      ]
    },
    {
      "url": "https://www.mozilla.org/security/advisories/mfsa2020-11/",
      "source": "security@mozilla.org",
      "tags": [
        "Vendor Advisory"
      ]
    },
    {
      "url": "https://www.mozilla.org/security/advisories/mfsa2020-14/",
      "source": "security@mozilla.org",
      "tags": [
        "Vendor Advisory"
      ]
    }
  ]
}