CVE-2020-6806 log

Source
Severity Critical
Remote Yes
Type Arbitrary code execution
Description
A state confusion issue has been found in Firefox before 74 and Thunderbird before 68.6, in BodyStream::OnInputStreamReady. By carefully crafting promise resolutions, it was possible to cause an out-of-bounds read off the end of an array resized during script execution. This could have led to memory corruption and a potentially exploitable crash.
Group Package Affected Fixed Severity Status Ticket
AVG-1115 thunderbird 68.5.0-1 68.6.0-1 Critical Fixed
AVG-1112 firefox 73.0.1-1 74.0-1 Critical Fixed
Date Advisory Group Package Severity Description
11 Mar 2020 ASA-202003-8 AVG-1112 firefox Critical multiple issues
16 Mar 2020 ASA-202003-11 AVG-1115 thunderbird Critical multiple issues
References
https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6806
https://www.mozilla.org/en-US/security/advisories/mfsa2020-10/#CVE-2020-6806
https://bugzilla.mozilla.org/show_bug.cgi?id=1612308