Arch Linux Security Advisory ASA-202004-12 ========================================== Severity: Critical Date : 2020-04-13 CVE-ID : CVE-2020-6815 CVE-2020-6819 CVE-2020-6820 CVE-2020-6821 Package : thunderbird Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-1132 Summary ======= The package thunderbird before version 68.7.0-1 is vulnerable to multiple issues including arbitrary code execution and information disclosure. Resolution ========== Upgrade to 68.7.0-1. # pacman -Syu "thunderbird>=68.7.0-1" The problems have been fixed upstream in version 68.7.0. Workaround ========== None. Description =========== - CVE-2020-6815 (arbitrary code execution) Several memory safety and script safety bugs have been found in Firefox before 74 and Thunderbird before 68.7.0. Some of these bugs showed evidence of memory corruption or escalation of privilege and Mozilla presumes that with enough effort some of these could have been exploited to run arbitrary code. - CVE-2020-6819 (arbitrary code execution) A use-after-free vulnerability has been found in Firefox before 74.0.1 and Thunderbird before 68.7.0 where under certain conditions, when running the nsDocShell destructor, a race condition can cause a use- after-free. Mozilla is aware of targeted attacks in the wild abusing this flaw. - CVE-2020-6820 (arbitrary code execution) A use-after-free vulnerability has been found in Firefox before 74.0.1 and Thunderbird before 68.7.0 where, under certain conditions, when handling a ReadableStream, a race condition can cause a use-after-free. Mozilla is aware of targeted attacks in the wild abusing this flaw. - CVE-2020-6821 (information disclosure) An information disclosure issue has been found in Firefox before 75.0 and Thunderbird before 68.7.0. When reading from areas partially or fully outside the source resource with WebGL's copyTexSubImage method, the specification requires the returned values be zero. Previously, this memory was uninitialized, leading to potentially sensitive data disclosure. Impact ====== A remote attacker can access sensitive information or execute arbitrary code on the affected host. References ========== https://www.mozilla.org/en-US/security/advisories/mfsa2020-14/ https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6815 https://bugzilla.mozilla.org/buglist.cgi?bug_id=1181957%2C1557732%2C1557739%2C1611457%2C1612431 https://www.mozilla.org/en-US/security/advisories/mfsa2020-11/#CVE-2020-6819 https://bugzilla.mozilla.org/show_bug.cgi?id=1620818 https://www.mozilla.org/en-US/security/advisories/mfsa2020-11/#CVE-2020-6820 https://bugzilla.mozilla.org/show_bug.cgi?id=1626728 https://www.mozilla.org/en-US/security/advisories/mfsa2020-12/#CVE-2020-6821 https://bugzilla.mozilla.org/show_bug.cgi?id=1625404 https://security.archlinux.org/CVE-2020-6815 https://security.archlinux.org/CVE-2020-6819 https://security.archlinux.org/CVE-2020-6820 https://security.archlinux.org/CVE-2020-6821