CVE-2020-6820

HIGH KEV

Mozilla Firefox < 68.6.1 - Race Condition

Title source: rule

Description

Under certain conditions, when handling a ReadableStream, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Thunderbird < 68.7.0, Firefox < 74.0.1, and Firefox ESR < 68.6.1.

References (5)

[Issue Tracking, Permissions Required] https://bugzilla.mozilla.org/show_bug.cgi?id=1626728

[Third Party Advisory] https://usn.ubuntu.com/4335-1/

[Vendor Advisory] https://www.mozilla.org/security/advisories/mfsa2020-11/

[Vendor Advisory] https://www.mozilla.org/security/advisories/mfsa2020-14/

[US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-6820

Scores

CVSS v3 8.1

EPSS 0.0313

EPSS Percentile 86.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CISA KEV 2021-11-03

VulnCheck KEV 2020-04-01

InTheWild.io 2020-04-01

ENISA EUVD EUVD-2020-27964

CWE

CWE-362

Status published

Products (3)

mozilla/firefox < 68.6.1

mozilla/firefox < 74.0.1

mozilla/thunderbird < 68.7.0

Published Apr 24, 2020

KEV Added Nov 03, 2021

Tracked Since Feb 18, 2026