CVE-2020-6819

HIGH KEV

Mozilla Firefox < 68.6.1 - Race Condition

Title source: rule

Description

Under certain conditions, when running the nsDocShell destructor, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Thunderbird < 68.7.0, Firefox < 74.0.1, and Firefox ESR < 68.6.1.

References (5)

[Exploit, Issue Tracking] https://bugzilla.mozilla.org/show_bug.cgi?id=1620818

[Third Party Advisory] https://usn.ubuntu.com/4335-1/

[Vendor Advisory] https://www.mozilla.org/security/advisories/mfsa2020-11/

[Vendor Advisory] https://www.mozilla.org/security/advisories/mfsa2020-14/

[US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-6819

Scores

CVSS v3 8.1

EPSS 0.0036

EPSS Percentile 58.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CISA KEV 2021-11-03

VulnCheck KEV 2020-03-08

InTheWild.io 2020-03-08

ENISA EUVD EUVD-2020-27963

CWE

CWE-362 CWE-416

Status published

Products (3)

mozilla/firefox < 68.6.1

mozilla/firefox < 74.0.1

mozilla/thunderbird < 68.7.0

Published Apr 24, 2020

KEV Added Nov 03, 2021

Tracked Since Feb 18, 2026