GSD-2020-6820 — Vulnetix

GSD-2020-6820 PUBLISHED CVSS 8.100000381469727 HIGH

Under certain conditions, when handling a ReadableStream, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Thunderbird < 68.7.0, Firefox < 74.0.1, and Firefox ESR < 68.6.1.

Risk Scores

CVSS v3.1

8.100000381469727

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products

Vendor	Product	Versions
Mozilla	Firefox	*
Mozilla	Firefox ESR	unspecified
Mozilla	Thunderbird	unspecified

Timeline

Apr 3, 2020 CVE Published
Apr 6, 2020 PoC Published
Nov 8, 2021 PoC Published
Nov 20, 2021 PoC Published
Dec 24, 2024 PoC Published
Feb 23, 2025 PoC Published
Feb 2, 2026 PoC Published

References

https://www.mozilla.org/security/advisories/mfsa2020-14/ url
https://www.mozilla.org/security/advisories/mfsa2020-11/ url
https://bugzilla.mozilla.org/show_bug.cgi?id=1626728 url
USN-4335-1 vendor-advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-6820 url

Open in Interactive Console →