CVE-2020-6807 log

Source
Severity Critical
Remote Yes
Type Arbitrary code execution
Description
A use-after-free issue has been found in Firefox before 74 and Thunderbird before 68.6, in cubeb  during stream destruction. When a device was changed while a stream was about to be destroyed, the stream-reinit task may have been executed after the stream was destroyed, causing a use-after-free and a potentially exploitable crash.
Group Package Affected Fixed Severity Status Ticket
AVG-1115 thunderbird 68.5.0-1 68.6.0-1 Critical Fixed
AVG-1112 firefox 73.0.1-1 74.0-1 Critical Fixed
Date Advisory Group Package Severity Description
11 Mar 2020 ASA-202003-8 AVG-1112 firefox Critical multiple issues
16 Mar 2020 ASA-202003-11 AVG-1115 thunderbird Critical multiple issues
References
https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6807
https://www.mozilla.org/en-US/security/advisories/mfsa2020-10/#CVE-2020-6807
https://bugzilla.mozilla.org/show_bug.cgi?id=1614971