CVE-2020-6807 - log back

CVE-2020-6807 edited at 16 Mar 2020 11:32:44
Description
- A use-after-free issue has been found in Firefox before 74, in cubeb during stream destruction. When a device was changed while a stream was about to be destroyed, the stream-reinit task may have been executed after the stream was destroyed, causing a use-after-free and a potentially exploitable crash.
+ A use-after-free issue has been found in Firefox before 74 and Thunderbird before 68.6, in cubeb during stream destruction. When a device was changed while a stream was about to be destroyed, the stream-reinit task may have been executed after the stream was destroyed, causing a use-after-free and a potentially exploitable crash.
References
https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6807
+ https://www.mozilla.org/en-US/security/advisories/mfsa2020-10/#CVE-2020-6807
https://bugzilla.mozilla.org/show_bug.cgi?id=1614971
CVE-2020-6807 edited at 11 Mar 2020 11:00:13
Severity
- Unknown
+ Critical
Remote
- Unknown
+ Remote
Type
- Unknown
+ Arbitrary code execution
Description
+ A use-after-free issue has been found in Firefox before 74, in cubeb during stream destruction. When a device was changed while a stream was about to be destroyed, the stream-reinit task may have been executed after the stream was destroyed, causing a use-after-free and a potentially exploitable crash.
References
+ https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6807
+ https://bugzilla.mozilla.org/show_bug.cgi?id=1614971
Notes
CVE-2020-6807 created at 11 Mar 2020 10:25:09