Network Security

Mozilla issues patches for Firefox 73, Firefox ESR 68.5 and Thunderbird 68.5

Mozilla today pushed out nine patches today covering three products Firefox 73, Firefox ESR 68.5 and Thunderbird 68.5.

Firefox 73 had six vulnerabilities with CVE-2020-6796, CVE-2020-6800 and CVE-2020-6801 regarded as having a high impact. The first is a missing bounds check that could cause a memory corruption and a potentially exploitable crash. The second and third are a memory safety bug that could potentially be exploited to run arbitrary code.

The remaining three Firefox 73 flaws: CVE-2020-6797, CVE-2020-6798 and CVE-2020-6799, are rated as moderate.

Firefox ESR 68.5 is vulnerable to five of the issues affecting Firefox 73 CVE-2020-6796, CVE-2020-6797, CVE-2020-6798, CVE-2020-6799 and CVE-2020-6800. It is impacted by CVE-2020-6801.

Thunderbird 68.5 has four unique problems that were patched. First is the low-rated CVE-2020-6792, this takes place when a Message ID calculation was based on uninitialized data resulting in uninitialized memory was used in addition to the message contents. The moderate-rated CVE-2020-6793 is an out-of-bounds read issue that crops up when processing certain email messages.  CVE-2020-6794, fixes an issue where older, unencrypted passwords are not deleted potentially giving an unauthorized user access to these passwords. CVE-2020-6795 endangers a system when processing a message that contains multiple S/MIME signatures, a bug in the MIME processing code caused a null pointer dereference, leading to an unexploitable crash.

CVE-2020-6798 and CVE-2020-6800 also affects Thunderbird 68.5.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.