CVE-2020-6463: Use After Free
First published: Tue Apr 21 2020(Updated: )
Crafted media files could lead to a race in texture caches, resulting in a use-after-free, memory corruption, and a potentially exploitable crash.
Credit: chrome-cve-admin@google.com chrome-cve-admin@google.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mozilla Firefox ESR | <68.11 | 68.11 |
| Google Chrome | <81.0.4044.122 | |
| Fedoraproject Fedora | =31 | |
| Fedoraproject Fedora | =32 | |
| Canonical Ubuntu Linux | =16.04 | |
| Canonical Ubuntu Linux | =18.04 | |
| Canonical Ubuntu Linux | =20.04 | |
| Debian Debian Linux | =9.0 | |
| Debian Debian Linux | =10.0 | |
| openSUSE Backports SLE | =15.0-sp1 | |
| openSUSE Leap | =15.1 | |
| openSUSE Leap | =15.2 | |
| Google Chrome | <81.0.4044.122 | 81.0.4044.122 |
| Mozilla Firefox ESR | <78.1 | 78.1 |
| Mozilla Thunderbird | <78.1 | 78.1 |
| Mozilla Thunderbird | <68.11 | 68.11 |
| Mozilla Firefox | <79 | 79 |
| debian/chromium | 120.0.6099.224-1~deb11u1 130.0.6723.91-1~deb12u1 130.0.6723.116-1~deb12u1 130.0.6723.91-2 130.0.6723.116-1 | |
| debian/firefox | 132.0.2-1 | |
| debian/firefox-esr | 115.14.0esr-1~deb11u1 128.4.0esr-1~deb11u1 128.3.1esr-1~deb12u1 128.4.0esr-1~deb12u1 128.3.1esr-2 128.4.0esr-1 | |
| debian/thunderbird | 1:115.12.0-1~deb11u1 1:128.4.0esr-1~deb11u1 1:115.16.0esr-1~deb12u1 1:128.4.0esr-1~deb12u1 1:128.4.2esr-1 1:128.4.3esr-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.mozilla.org/show_bug.cgi?id=1635293
- https://www.mozilla.org/en-US/security/advisories/mfsa2020-31/
- https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_21.html (Advisory)
- https://crbug.com/1065186
- http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00034.html
- http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00038.html
- https://www.debian.org/security/2020/dsa-4714
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQYH5OK7O4BU6E37WWG5SEEHV65BFSGR/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLFZ5N4EK6I4ZJP5YSKLLVN3ELXEB4XT/
- https://lists.debian.org/debian-lts-announce/2020/07/msg00027.html
- https://security.gentoo.org/glsa/202007-60
- https://www.debian.org/security/2020/dsa-4736
- https://security.gentoo.org/glsa/202007-64
- https://www.debian.org/security/2020/dsa-4740
- https://lists.debian.org/debian-lts-announce/2020/08/msg00006.html
- http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00008.html
- http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00011.html
- http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00022.html
- http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00025.html
- http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00032.html
- https://usn.ubuntu.com/4443-1/
- https://launchpad.net/bugs/cve/CVE-2020-6463
- https://www.mozilla.org/en-US/security/advisories/mfsa2020-32/
- https://www.mozilla.org/en-US/security/advisories/mfsa2020-33/
- https://www.mozilla.org/en-US/security/advisories/mfsa2020-31/#CVE-2020-6514
- https://www.mozilla.org/en-US/security/advisories/mfsa2020-35/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OQYH5OK7O4BU6E37WWG5SEEHV65BFSGR/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLFZ5N4EK6I4ZJP5YSKLLVN3ELXEB4XT/
- https://www.mozilla.org/en-US/security/advisories/mfsa2020-30/
- https://www.mozilla.org/en-US/security/advisories/mfsa2020-31/#CVE-2020-6463
- https://www.mozilla.org/en-US/security/advisories/mfsa2020-32/#CVE-2020-6463
- https://www.mozilla.org/en-US/security/advisories/mfsa2020-33/#CVE-2020-6463
- https://www.mozilla.org/en-US/security/advisories/mfsa2020-35/#CVE-2020-6463
- https://security-tracker.debian.org/tracker/CVE-2020-6463
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6463
- https://nvd.nist.gov/vuln/detail/CVE-2020-6463
- https://ubuntu.com/security/CVE-2020-6463
Parent vulnerabilities
(Appears in the following advisories)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
Frequently Asked Questions
What is CVE-2020-6463?
CVE-2020-6463 is a vulnerability in Mozilla Firefox and Thunderbird that could lead to a use-after-free memory corruption and a potentially exploitable crash.
How severe is CVE-2020-6463?
CVE-2020-6463 has a medium severity rating.
Which software is affected by CVE-2020-6463?
Mozilla Firefox ESR versions up to 68.11, Thunderbird versions up to 68.11, Firefox versions up to 79, Firefox ESR versions up to 78.1, and Thunderbird versions up to 78.1 are affected.
How can CVE-2020-6463 be exploited?
CVE-2020-6463 can be exploited using crafted media files that lead to a race in texture caches.
How can I fix CVE-2020-6463?
To fix CVE-2020-6463, users should update Mozilla Firefox and Thunderbird to the recommended versions.
- collector/mozilla-advisory
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- agent/author
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/weakness
- agent/severity
- collector/chrome-releases
- agent/software-canonical-lookup
- source/Mozilla
- collector/nvd-cve
- source/NVD
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/references
- agent/event
- agent/tags
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- collector/usn-cve
- source/Ubuntu
- vendor/mozilla
- canonical/mozilla firefox esr
- vendor/google
- canonical/google chrome
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/31
- version/fedoraproject fedora/32
- vendor/canonical
- canonical/canonical ubuntu linux
- version/canonical ubuntu linux/16.04
- version/canonical ubuntu linux/18.04
- version/canonical ubuntu linux/20.04
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/9.0
- version/debian debian linux/10.0
- vendor/opensuse
- canonical/opensuse backports sle
- version/opensuse backports sle/15.0-sp1
- canonical/opensuse leap
- version/opensuse leap/15.1
- version/opensuse leap/15.2
- canonical/mozilla thunderbird
- canonical/mozilla firefox
- package-manager/debian