{"api_version":"1","generated_at":"2026-04-23T00:39:29+00:00","cve":"CVE-2020-6800","urls":{"html":"https://cve.report/CVE-2020-6800","api":"https://cve.report/api/cve/CVE-2020-6800.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2020-6800","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2020-6800"},"summary":{"title":"CVE-2020-6800","description":"Mozilla developers and community members reported memory safety bugs present in Firefox 72 and Firefox ESR 68.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. In general, these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts. This vulnerability affects Thunderbird < 68.5, Firefox < 73, and Firefox < ESR68.5.","state":"PUBLIC","assigner":"security@mozilla.org","published_at":"2020-03-02 05:15:00","updated_at":"2022-01-01 19:35:00"},"problem_types":["CWE-787"],"metrics":[],"references":[{"url":"https://security.gentoo.org/glsa/202003-10","name":"GLSA-202003-10","refsource":"GENTOO","tags":[],"title":"Mozilla Thunderbird: Multiple vulnerabilities (GLSA 202003-10) — Gentoo security","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://usn.ubuntu.com/4328-1/","name":"USN-4328-1","refsource":"UBUNTU","tags":[],"title":"USN-4328-1: Thunderbird vulnerabilities | Ubuntu security notices | Ubuntu","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://usn.ubuntu.com/4278-2/","name":"USN-4278-2","refsource":"UBUNTU","tags":[],"title":"USN-4278-2: Firefox vulnerabilities | Ubuntu security notices","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://security.gentoo.org/glsa/202003-02","name":"GLSA-202003-02","refsource":"GENTOO","tags":[],"title":"Mozilla Firefox: Multiple vulnerabilities (GLSA 202003-02) — Gentoo security","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.mozilla.org/security/advisories/mfsa2020-05/","name":"https://www.mozilla.org/security/advisories/mfsa2020-05/","refsource":"MISC","tags":["Vendor Advisory"],"title":"Security Vulnerabilities fixed in Firefox 73 — Mozilla","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://usn.ubuntu.com/4335-1/","name":"USN-4335-1","refsource":"UBUNTU","tags":[],"title":"USN-4335-1: Thunderbird vulnerabilities | Ubuntu security notices","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=1595786%2C1596706%2C1598543%2C1604851%2C1608580%2C1608785%2C1605777","name":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=1595786%2C1596706%2C1598543%2C1604851%2C1608580%2C1608785%2C1605777","refsource":"MISC","tags":["Broken Link"],"title":"Bug List","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.mozilla.org/security/advisories/mfsa2020-07/","name":"https://www.mozilla.org/security/advisories/mfsa2020-07/","refsource":"MISC","tags":["Vendor Advisory"],"title":"Security Vulnerabilities fixed in Thunderbird 68.5 — Mozilla","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.mozilla.org/security/advisories/mfsa2020-06/","name":"https://www.mozilla.org/security/advisories/mfsa2020-06/","refsource":"MISC","tags":["Vendor Advisory"],"title":"Security Vulnerabilities fixed in Firefox ESR68.5 — Mozilla","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2020-6800","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-6800","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2020","cve_id":"6800","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"16.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"esm","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"6800","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"18.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"lts","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"6800","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"19.10","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"6800","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"6800","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"6800","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox_esr","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"6800","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox_esr","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"6800","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"thunderbird","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"6800","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"thunderbird","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2020-6800","qid":"296076","title":"Oracle Solaris 11.4 Support Repository Update (SRU) 19.3.0 Missing (CPUJAN2020)"},{"cve":"CVE-2020-6800","qid":"377025","title":"Alibaba Cloud Linux Security Update for firefox (ALINUX2-SA-2020:0021)"},{"cve":"CVE-2020-6800","qid":"377039","title":"Alibaba Cloud Linux Security Update for thunderbird (ALINUX2-SA-2020:0025)"},{"cve":"CVE-2020-6800","qid":"500926","title":"Alpine Linux Security Update for firefox-esr"},{"cve":"CVE-2020-6800","qid":"502371","title":"Alpine Linux Security Update for thunderbird"}]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2020-6800","ASSIGNER":"security@mozilla.org","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"Mozilla","product":{"product_data":[{"product_name":"Thunderbird","version":{"version_data":[{"version_value":"68.5","version_affected":"<"}]}},{"product_name":"Firefox","version":{"version_data":[{"version_value":"73","version_affected":"<"},{"version_value":"ESR68.5","version_affected":"<"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Memory safety bugs fixed in Thunderbird 68.5"}]}]},"references":{"reference_data":[{"url":"https://www.mozilla.org/security/advisories/mfsa2020-05/","refsource":"MISC","name":"https://www.mozilla.org/security/advisories/mfsa2020-05/"},{"url":"https://www.mozilla.org/security/advisories/mfsa2020-06/","refsource":"MISC","name":"https://www.mozilla.org/security/advisories/mfsa2020-06/"},{"url":"https://www.mozilla.org/security/advisories/mfsa2020-07/","refsource":"MISC","name":"https://www.mozilla.org/security/advisories/mfsa2020-07/"},{"url":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=1595786%2C1596706%2C1598543%2C1604851%2C1608580%2C1608785%2C1605777","refsource":"MISC","name":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=1595786%2C1596706%2C1598543%2C1604851%2C1608580%2C1608785%2C1605777"},{"refsource":"UBUNTU","name":"USN-4278-2","url":"https://usn.ubuntu.com/4278-2/"},{"refsource":"GENTOO","name":"GLSA-202003-02","url":"https://security.gentoo.org/glsa/202003-02"},{"refsource":"GENTOO","name":"GLSA-202003-10","url":"https://security.gentoo.org/glsa/202003-10"},{"refsource":"UBUNTU","name":"USN-4328-1","url":"https://usn.ubuntu.com/4328-1/"},{"refsource":"UBUNTU","name":"USN-4335-1","url":"https://usn.ubuntu.com/4335-1/"}]},"description":{"description_data":[{"lang":"eng","value":"Mozilla developers and community members reported memory safety bugs present in Firefox 72 and Firefox ESR 68.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. In general, these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts. This vulnerability affects Thunderbird < 68.5, Firefox < 73, and Firefox < ESR68.5."}]}},"nvd":{"publishedDate":"2020-03-02 05:15:00","lastModifiedDate":"2022-01-01 19:35:00","problem_types":["CWE-787"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":6.8},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*","versionEndExcluding":"68.5.0","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","versionEndExcluding":"73.0","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*","versionEndExcluding":"68.5.0","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2020","CveId":"6800","Ordinal":"167068","Title":"CVE-2020-6800","CVE":"CVE-2020-6800","Year":"2020"},"notes":[{"CveYear":"2020","CveId":"6800","Ordinal":"1","NoteData":"Mozilla developers and community members reported memory safety bugs present in Firefox 72 and Firefox ESR 68.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. In general, these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts. This vulnerability affects Thunderbird < 68.5, Firefox < 73, and Firefox < ESR68.5.","Type":"Description","Title":null},{"CveYear":"2020","CveId":"6800","Ordinal":"2","NoteData":"2020-03-01","Type":"Other","Title":"Published"},{"CveYear":"2020","CveId":"6800","Ordinal":"3","NoteData":"2020-04-28","Type":"Other","Title":"Modified"}]}}}