CVE-2020-6819
Published: 24 April 2020
Summary
CVE-2020-6819 is a high-severity Race Condition (CWE-362) vulnerability in Mozilla Firefox. Its CVSS base score is 8.1 (High).
Operationally, it ranks in the top 41.2% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities (KEV) catalog; and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation), i.e. upgrading to the fixed releases, and SI-16 (Memory Protection), which raises the cost of exploitation but does not remove the flaw.
Deeper analysis
CVE-2020-6819 is a use-after-free vulnerability resulting from a race condition during execution of the nsDocShell destructor. It affects Mozilla Firefox versions prior to 74.0.1, Firefox ESR versions prior to 68.6.1, and Thunderbird versions prior to 68.7.0, and is tracked under CWEs 362 and 416.
The CVSS vector rates the flaw as remotely triggerable by an unauthenticated attacker with no user interaction and high attack complexity (the race must be won reliably). In practice the victim's browser or mail client must render attacker-controlled content, such as a crafted web page. A successful exploit corrupts memory in the browser process, which can lead to code execution and therefore affects confidentiality, integrity, and availability.
Mozilla security advisories MFSA 2020-11 and MFSA 2020-14, together with the corresponding Ubuntu updates, direct users to the fixed releases (Firefox 74.0.1, Firefox ESR 68.6.1, Thunderbird 68.7.0); upgrading is the primary mitigation.
Targeted attacks abusing this issue have been observed in the wild.
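The remediation boundaries above (Firefox < 74.0.1, Firefox ESR < 68.6.1, Thunderbird < 68.7.0) are easy to get wrong in a fleet check because the 68 ESR line and the 74 release line overlap numerically. The following is an added example, not code from the page or from Mozilla, showing how to parse the version strings these products print (e.g. `Mozilla Firefox 74.0.1`, `68.6.1esr`) and decide whether an install is still exposed to CVE-2020-6819. It assumes a constructed inventory list and the rule that any 68.x build at or above 68.6.1 is an ESR build (the release channel had moved past 68 well before the April 2020 fix), so it is treated as fixed.

```python
import re
from typing import Dict, List, Tuple

Version = Tuple[int, int, int]

# Fixed releases named in MFSA 2020-11 / MFSA 2020-14 (from the advisory text on this page).
FIREFOX_FIXED: Version = (74, 0, 1)
FIREFOX_ESR_FIXED: Version = (68, 6, 1)
THUNDERBIRD_FIXED: Version = (68, 7, 0)

_VERSION_RE = re.compile(r"(\d+)(?:\.(\d+))?(?:\.(\d+))?")


def parse_version(text: str) -> Version:
    """Extract (major, minor, patch) from strings such as 'Mozilla Firefox 74.0.1',
    '68.6.1esr' or 'Thunderbird 68.7.0'. Missing components default to 0."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no version number in {text!r}")
    major, minor, patch = (int(g) if g else 0 for g in m.groups())
    return (major, minor, patch)


def firefox_vulnerable(version: Version) -> bool:
    """Firefox release < 74.0.1 is affected; the 68 ESR line is fixed at 68.6.1.
    Assumption: a 68.x build >= 68.6.1 can only be ESR, so it counts as fixed."""
    if version >= FIREFOX_FIXED:
        return False
    if FIREFOX_ESR_FIXED <= version < (69, 0, 0):
        return False
    return True


def thunderbird_vulnerable(version: Version) -> bool:
    """Thunderbird < 68.7.0 is affected."""
    return version < THUNDERBIRD_FIXED


def assess(product: str, version_string: str) -> Dict[str, object]:
    """Classify one installed product/version pair against CVE-2020-6819."""
    version = parse_version(version_string)
    name = product.strip().lower()
    if name == "firefox":
        vulnerable = firefox_vulnerable(version)
    elif name == "thunderbird":
        vulnerable = thunderbird_vulnerable(version)
    else:
        raise ValueError(f"unknown product {product!r}")
    return {"product": product, "version": version, "vulnerable": vulnerable}


# Constructed sample inventory (hypothetical hosts; not real data).
INVENTORY: List[Tuple[str, str, str]] = [
    ("ws-01", "Firefox", "Mozilla Firefox 73.0.1"),      # release, unpatched
    ("ws-02", "Firefox", "Mozilla Firefox 74.0.1"),      # release, patched
    ("srv-03", "Firefox", "68.6.0esr"),                   # ESR, unpatched
    ("srv-04", "Firefox", "68.6.1esr"),                   # ESR, patched
    ("ws-05", "Thunderbird", "Thunderbird 68.6.0"),       # unpatched
    ("ws-06", "Thunderbird", "Thunderbird 68.7.0"),       # patched
]


def scan(inventory: List[Tuple[str, str, str]]) -> List[str]:
    """Return the host names whose install is still exposed."""
    return [host for host, product, ver in inventory if assess(product, ver)["vulnerable"]]


if __name__ == "__main__":
    for host in scan(INVENTORY):
        print(f"{host}: exposed to CVE-2020-6819, upgrade required")
```

Feed it the output of `firefox --version` / `thunderbird --version` (or the version strings from your endpoint inventory) and treat any non-empty result from `scan` as a patching ticket.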
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2020-27963
Vulnerability details
Under certain conditions, when running the nsDocShell destructor, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Thunderbird < 68.7.0, Firefox < 74.0.1, and Firefox ESR < 68.6.1.
- CWE(s): CWE-362 (Race Condition), CWE-416 (Use After Free)
- KEV Date Added: 03 November 2021
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
- Mozilla Firefox < 74.0.1
- Mozilla Firefox ESR < 68.6.1
- Mozilla Thunderbird < 68.7.0
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): requires timely application of security-relevant patches, which here means upgrading Firefox/Thunderbird to the fixed releases named in the vendor advisory. This is the only control that actually removes the use-after-free.
- SI-16 (Memory Protection): calls for memory-protection techniques (ASLR, DEP/NX, hardened allocators) that raise the cost of turning the nsDocShell destructor race into reliable code execution; they do not prevent the use-after-free itself, so they complement patching rather than replace it.
- SC-39 (Process Isolation): separate execution domains limit the blast radius of memory corruption in the browser process; where web content runs in sandboxed content processes, a compromised content process still needs a separate sandbox escape to reach the operating system.