[ASA-202004-12] thunderbird: multiple issues
Jelle van der Waa
jelle at archlinux.org
Mon Apr 13 21:46:23 UTC 2020
Arch Linux Security Advisory ASA-202004-12
==========================================
Severity: Critical
Date : 2020-04-13
CVE-ID : CVE-2020-6815 CVE-2020-6819 CVE-2020-6820 CVE-2020-6821
Package : thunderbird
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-1132
Summary
=======
The package thunderbird before version 68.7.0-1 is vulnerable to
multiple issues including arbitrary code execution and information
disclosure.
Resolution
==========
Upgrade to 68.7.0-1.
# pacman -Syu "thunderbird>=68.7.0-1"
The problems have been fixed upstream in version 68.7.0.
Workaround
==========
None.
Description
===========
- CVE-2020-6815 (arbitrary code execution)
Several memory safety and script safety bugs have been found in Firefox
before 74 and Thunderbird before 68.7.0. Some of these bugs showed
evidence of memory corruption or escalation of privilege and Mozilla
presumes that with enough effort some of these could have been
exploited to run arbitrary code.
- CVE-2020-6819 (arbitrary code execution)
A use-after-free vulnerability has been found in Firefox before 74.0.1
and Thunderbird before 68.7.0 where under certain conditions, when
running the nsDocShell destructor, a race condition can cause a use-
after-free. Mozilla is aware of targeted attacks in the wild abusing
this flaw.
- CVE-2020-6820 (arbitrary code execution)
A use-after-free vulnerability has been found in Firefox before 74.0.1
and Thunderbird before 68.7.0 where, under certain conditions, when
handling a ReadableStream, a race condition can cause a use-after-free.
Mozilla is aware of targeted attacks in the wild abusing this flaw.
- CVE-2020-6821 (information disclosure)
An information disclosure issue has been found in Firefox before 75.0
and Thunderbird before 68.7.0. When reading from areas partially or
fully outside the source resource with WebGL's copyTexSubImage method,
the specification requires the returned values be zero. Previously,
this memory was uninitialized, leading to potentially sensitive data
disclosure.
Impact
======
A remote attacker can access sensitive information or execute arbitrary
code on the affected host.
References
==========
https://www.mozilla.org/en-US/security/advisories/mfsa2020-14/
https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6815
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1181957%2C1557732%2C1557739%2C1611457%2C1612431
https://www.mozilla.org/en-US/security/advisories/mfsa2020-11/#CVE-2020-6819
https://bugzilla.mozilla.org/show_bug.cgi?id=1620818
https://www.mozilla.org/en-US/security/advisories/mfsa2020-11/#CVE-2020-6820
https://bugzilla.mozilla.org/show_bug.cgi?id=1626728
https://www.mozilla.org/en-US/security/advisories/mfsa2020-12/#CVE-2020-6821
https://bugzilla.mozilla.org/show_bug.cgi?id=1625404
https://security.archlinux.org/CVE-2020-6815
https://security.archlinux.org/CVE-2020-6819
https://security.archlinux.org/CVE-2020-6820
https://security.archlinux.org/CVE-2020-6821
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: not available
URL: <https://lists.archlinux.org/pipermail/arch-security/attachments/20200413/d5e3b579/attachment.sig>
More information about the arch-security
mailing list