6.8
CVSSv2

CVE-2020-6796

Published: 02/03/2020 Updated: 12/03/2020
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Mozilla Firefox could allow a remote malicious user to execute arbitrary code on the system, caused by an out-of-bounds write on shared memory read in the parent process. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.

Vulnerability Trend

Vendor Advisories

Synopsis Important: firefox security update Type/Severity Security Advisory: Important Topic An update for firefox is now available for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, ...
Synopsis Important: firefox security update Type/Severity Security Advisory: Important Topic An update for firefox is now available for Red Hat Enterprise Linux 80 Update Services for SAP SolutionsRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerabili ...
Synopsis Important: firefox security update Type/Severity Security Advisory: Important Topic An update for firefox is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, ...
Synopsis Important: firefox security update Type/Severity Security Advisory: Important Topic An update for firefox is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, ...
Firefox could be made to crash or run programs as your login if it opened a malicious website ...
Firefox could be made to crash or run programs as your login if it opened a malicious website ...
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code For the oldstable distribution (stretch), these problems have been fixed in version 6850esr-1~deb9u1 For the stable distribution (buster), these problems have been fixed in version 6850esr-1~deb10u1 W ...
A missing bounds check on shared memory read in the parent process has been found in Firefox before 730 A content process could have modified shared memory relating to crash reporting information, crash itself, and cause an out-of-bound write This could have caused memory corruption and a potentially exploitable crash ...
Synthetic Playback Agent has addressed the following vulnerabilities: CVE-2020-6796, CVE-2020-6800, CVE-2020-6798 ...
Arch Linux Security Advisory ASA-202002-5 ========================================= Severity: Critical Date : 2020-02-11 CVE-ID : CVE-2020-6796 CVE-2020-6798 CVE-2020-6800 CVE-2020-6801 Package : firefox Type : multiple issues Remote : Yes Link : securityarchlinuxorg/AVG-1096 Summary ======= The package firefox before versio ...

Mailing Lists

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4620-1 security () debian org wwwdebianorg/security/ Moritz Muehlenhoff February 12, 2020 wwwdebianorg/security/faq ...
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] mozilla-firefox (SSA:2020-042-01) New mozilla-firefox packages are available for Slackware 142 and -current to fix security issues Here are the details from the Slackware 142 ChangeLog: +--------------------------+ patches/packages/mozilla-firefox-6850esr-i686-1_slack142 ...

Recent Articles

Mozilla Firefox 73 Browser Update Fixes High-Severity RCE Bugs
Threatpost • Lindsey O'Donnell • 12 Feb 2020

Mozilla has launched the latest version of its Firefox browser, which knocks out high-severity security flaws that leave systems open to attack by a remote adversary.
The patched version of Mozilla’s browser, launched on Tuesday, is Firefox 73 and Firefox ESR 68.5. The Firefox ESR browser is its Extended Support Release version of Firefox, designed for mass deployments. Both releases tackle six vulnerabilities. Two of the high-severity bugs both allow a remote attacker to execute code on...