Mozilla today pushed out nine patches covering three products: Firefox 73, Firefox ESR 68.5 and Thunderbird 68.5.
Firefox 73 had six vulnerabilities, with CVE-2020-6796, CVE-2020-6800 and CVE-2020-6801 regarded as having a high impact. The first is a missing bounds check that could cause memory corruption and a potentially exploitable crash. The second and third are memory safety bugs that could potentially be exploited to run arbitrary code.
The remaining three Firefox 73 flaws, CVE-2020-6797, CVE-2020-6798 and CVE-2020-6799, are rated as moderate.
Firefox ESR 68.5 is vulnerable to five of the issues affecting Firefox 73: CVE-2020-6796, CVE-2020-6797, CVE-2020-6798, CVE-2020-6799 and CVE-2020-6800. It is impacted by CVE-2020-6801.
Thunderbird 68.5 has four unique problems that were patched. The first is the low-rated CVE-2020-6792, in which a Message ID calculation was based on uninitialized data, so that uninitialized memory was used in addition to the message contents. The moderate-rated CVE-2020-6793 is an out-of-bounds read issue that crops up when processing certain email messages. The patch for CVE-2020-6794 fixes an issue where older, unencrypted passwords are not deleted, potentially giving an unauthorized user access to these passwords. CVE-2020-6795 endangers a system when it processes a message that contains multiple S/MIME signatures: a bug in the MIME processing code caused a null pointer dereference, leading to an unexploitable crash.
CVE-2020-6798 and CVE-2020-6800 also affect Thunderbird 68.5.