CVE-2020-6820
Published: 24 April 2020
Summary
CVE-2020-6820 is a high-severity Race Condition (CWE-362) vulnerability in Mozilla Firefox. Its CVSS base score is 8.1 (High).
Operationally, it ranks in the top 12.9% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2020-6820 is a race condition (CWE-362) that produces a use-after-free when a ReadableStream is handled under certain timing conditions. The flaw affects Mozilla Firefox before 74.0.1, Firefox ESR before 68.6.1, and Thunderbird before 68.7.0.
An unauthenticated remote attacker can trigger the vulnerability over the network with no user interaction required. Successful exploitation yields arbitrary code execution with full confidentiality, integrity, and availability impact, and the issue has already been observed in targeted attacks in the wild.
Mozilla security advisories MFSA2020-11 and MFSA2020-14, together with the corresponding Ubuntu update USN-4335-1, address the flaw by shipping corrected builds; users are advised to upgrade to the listed fixed versions. The high CVSS score of 8.1 reflects the combination of remote attack vector and severe consequences once the race is won.
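The fixed versions above can be checked against a software inventory. The sketch below is an added example, not code from Mozilla or from this page's publisher. It assumes inventory rows of (host, product, version) and that ESR builds report a version string ending in "esr"; the host names and sample rows are constructed.

```python
import re

# Fixed versions as stated on this page.
FIXED = {
    "firefox": (74, 0, 1),
    "firefox-esr": (68, 6, 1),
    "thunderbird": (68, 7, 0),
}

def parse_version(text):
    """Parse '74.0' or '68.6.0esr' into (is_esr, (major, minor, patch))."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?(esr)?", text.strip().lower())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch, esr = m.groups()
    return bool(esr), (int(major), int(minor), int(patch or 0))

def is_affected(product, version):
    """True if the build is older than the fixed version for its channel."""
    product = product.strip().lower()
    esr, ver = parse_version(version)
    # ESR builds are compared against the ESR fix, not the release fix:
    # 68.6.1esr is patched even though it is numerically below 74.0.1.
    if product == "firefox" and esr:
        product = "firefox-esr"
    if product not in FIXED:
        raise ValueError(f"product not covered by this CVE: {product!r}")
    return ver < FIXED[product]

def audit(inventory):
    """Return (affected_hosts, unknown_hosts) for (host, product, version) rows."""
    affected, unknown = [], []
    for host, product, version in inventory:
        try:
            if is_affected(product, version):
                affected.append(host)
        except ValueError:
            unknown.append(host)  # needs manual review, never assumed safe
    return affected, unknown

# Constructed sample inventory (hypothetical hosts).
SAMPLE = [
    ("ws-01", "Firefox", "74.0"),
    ("ws-02", "Firefox", "74.0.1"),
    ("ws-03", "Firefox", "68.6.1esr"),
    ("ws-04", "Firefox", "68.6.0esr"),
    ("ws-05", "Thunderbird", "68.6.0"),
    ("ws-06", "Thunderbird", "68.7.0"),
    ("ws-07", "Firefox", "75.0b3"),
]

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Rows whose version string cannot be parsed are returned separately so they are reviewed by hand instead of being silently treated as patched.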
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2020-27964
Vulnerability details
Under certain conditions, when handling a ReadableStream, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Thunderbird < 68.7.0, Firefox < 74.0.1, and Firefox ESR < 68.6.1.
- CWE(s): CWE-362
- KEV Date Added: 03 November 2021
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Mitigating Controls (NIST 800-53 r5)
Directly requires timely application of vendor patches that eliminate the race condition and use-after-free in ReadableStream handling.
Enforces memory-protection mechanisms that block exploitation of use-after-free conditions before arbitrary code execution occurs.
Requires process isolation that confines successful exploitation of the browser flaw, limiting its impact on the rest of the system.