CVE-2020-6806 - log

CVE-2020-6806 edited at 16 Mar 2020 11:33:01
Description
- A state confusion issue has been found in Firefox before 74, in BodyStream::OnInputStreamReady. By carefully crafting promise resolutions, it was possible to cause an out-of-bounds read off the end of an array resized during script execution. This could have led to memory corruption and a potentially exploitable crash.
+ A state confusion issue has been found in Firefox before 74 and Thunderbird before 68.6, in BodyStream::OnInputStreamReady. By carefully crafting promise resolutions, it was possible to cause an out-of-bounds read off the end of an array resized during script execution. This could have led to memory corruption and a potentially exploitable crash.
References
https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6806
+ https://www.mozilla.org/en-US/security/advisories/mfsa2020-10/#CVE-2020-6806
https://bugzilla.mozilla.org/show_bug.cgi?id=1612308
CVE-2020-6806 edited at 11 Mar 2020 11:01:51
Severity
- Unknown
+ Critical
Remote
- Unknown
+ Remote
Type
- Unknown
+ Arbitrary code execution
Description
+ A state confusion issue has been found in Firefox before 74, in BodyStream::OnInputStreamReady. By carefully crafting promise resolutions, it was possible to cause an out-of-bounds read off the end of an array resized during script execution. This could have led to memory corruption and a potentially exploitable crash.
References
+ https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6806
+ https://bugzilla.mozilla.org/show_bug.cgi?id=1612308
Notes
CVE-2020-6806 created at 11 Mar 2020 10:25:09