user/thunderbird: multiple vulnerabilities
|Alias(es)||CVE-2020-6819, CVE-2020-6820, CVE-2020-6821, CVE-2020-6822, CVE-2020-6825|
|Reporter||Max Rees (sroracle)|
|Assignee||Max Rees (sroracle)|
|Reported||2020-04-14 15:08:55 -0500|
|Modified||2020-04-19 00:52:45 -0500|
|Hardware||Adélie Linux / All|
|Importance||--- / normal|
Under certain conditions, when running the nsDocShell destructor, a
race condition can cause a use-after-free.
Under certain conditions, when handling a ReadableStream, a race
condition can cause a use-after-free.
When reading from areas partially or fully outside the source resource
with WebGL's copyTexSubImage method, the specification requires the
returned values be zero. Previously, this memory was uninitialized,
leading to potentially sensitive data disclosure.
On 32-bit builds, an out of bounds write could have occurred when
processing an image larger than 4 GB in GMPDecodeData. It is possible
that with enough effort this could have been exploited to run
Mozilla developers Tyson Smith and Christian Holler reported memory
safety bugs present in Firefox 74 and Firefox ESR 68.6. Some of these
bugs showed evidence of memory corruption and we presume that with
enough effort some of these could have been exploited to run arbitrary