First published: Tue Apr 21 2020(Updated: )
Crafted media files could lead to a race in texture caches, resulting in a use-after-free, memory corruption, and a potentially exploitable crash.
Credit: chrome-cve-admin@google.com chrome-cve-admin@google.com
Affected Software | Affected Version | How to fix |
---|---|---|
Mozilla Firefox ESR | <68.11 | 68.11 |
Google Chrome | <81.0.4044.122 | |
Fedoraproject Fedora | =31 | |
Fedoraproject Fedora | =32 | |
Canonical Ubuntu Linux | =16.04 | |
Canonical Ubuntu Linux | =18.04 | |
Canonical Ubuntu Linux | =20.04 | |
Debian Debian Linux | =9.0 | |
Debian Debian Linux | =10.0 | |
openSUSE Backports SLE | =15.0-sp1 | |
openSUSE Leap | =15.1 | |
openSUSE Leap | =15.2 | |
Google Chrome | <81.0.4044.122 | 81.0.4044.122 |
Mozilla Firefox ESR | <78.1 | 78.1 |
Mozilla Thunderbird | <78.1 | 78.1 |
Mozilla Thunderbird | <68.11 | 68.11 |
Mozilla Firefox | <79 | 79 |
debian/chromium | 120.0.6099.224-1~deb11u1 130.0.6723.91-1~deb12u1 130.0.6723.116-1~deb12u1 130.0.6723.91-2 130.0.6723.116-1 | |
debian/firefox | 132.0.2-1 | |
debian/firefox-esr | 115.14.0esr-1~deb11u1 128.4.0esr-1~deb11u1 128.3.1esr-1~deb12u1 128.4.0esr-1~deb12u1 128.3.1esr-2 128.4.0esr-1 | |
debian/thunderbird | 1:115.12.0-1~deb11u1 1:128.4.0esr-1~deb11u1 1:115.16.0esr-1~deb12u1 1:128.4.0esr-1~deb12u1 1:128.4.2esr-1 1:128.4.3esr-1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Appears in the following advisories)
(Found alongside the following vulnerabilities)
CVE-2020-6463 is a vulnerability in Mozilla Firefox and Thunderbird that could lead to a use-after-free memory corruption and a potentially exploitable crash.
CVE-2020-6463 has a medium severity rating.
Mozilla Firefox ESR versions up to 68.11, Thunderbird versions up to 68.11, Firefox versions up to 79, Firefox ESR versions up to 78.1, and Thunderbird versions up to 78.1 are affected.
CVE-2020-6463 can be exploited using crafted media files that lead to a race in texture caches.
To fix CVE-2020-6463, users should update Mozilla Firefox and Thunderbird to the recommended versions.