Home

CVE-2020-6798

Description

If a template tag was used in a select tag, the parser could be confused and allow JavaScript parsing and execution when it should not be allowed. A site that relied on the browser behaving correctly could suffer a cross-site scripting vulnerability as a result. In general, this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but is potentially a risk in browser or browser-like contexts. This vulnerability affects Thunderbird < 68.5, Firefox < 73, and Firefox < ESR68.5.

Risk Information

Base Score
6.1
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS Score
Exploitation Probability
1.646

Associated Vulnerability

VulnerabilityOS Platform
Multiple vulnerabilities fixed in Mozilla Thunderbird (x64) (68.5.0)Windows
Multiple vulnerabilities fixed in Mozilla Thunderbird (68.5.0)Windows
Vulnerabilities CVE-2020-6796,CVE-2020-6797,CVE-2020-6798,CVE-2020-6799,CVE-2020-6800 are fixed in Mozilla Firefox ESR (x64) (68.5.0)Windows
Vulnerabilities CVE-2020-6796,CVE-2020-6797,CVE-2020-6798,CVE-2020-6799,CVE-2020-6800 are fixed in Mozilla Firefox ESR (68.5.0)Windows
Multiple vulnerabilities fixed in Mozilla Firefox (x64) (73.0)Windows
Multiple vulnerabilities fixed in Mozilla Firefox (73.0)Windows
Multiple vulnerabilities fixed in Mozilla Firefox (73.0.1)Windows
Multiple vulnerabilities fixed in Mozilla Firefox (x64) (73.0.1)Windows
Multiple vulnerabilities are fixed in Mozilla Firefox For Mac (73.0)Mac
Multiple vulnerabilities are fixed in Mozilla Firefox For Mac (73.0.1)Mac
Vulnerabilities CVE-2020-6796,CVE-2020-6797,CVE-2020-6798,CVE-2020-6800,CVE-2020-6801 are fixed in Mozilla Firefox For Mac (73.0)Mac
Vulnerabilities CVE-2020-6796,CVE-2020-6797,CVE-2020-6798,CVE-2020-6800,CVE-2020-6801 are fixed in Mozilla Firefox For Mac (73.0.1)Mac
Multiple vulnerabilities are fixed in Mozilla Thunderbird For Mac (68.5.0)Mac
Multiple Vulnerabilities are affected in Mozilla Thunderbird for Mac 68.4.1Mac
Vulnerabilities CVE-2020-6796,CVE-2020-6797,CVE-2020-6798,CVE-2020-6800 are affected in Firefox ESR for Mac 68.4.1Mac
Vulnerabilities CVE-2020-6796,CVE-2020-6797,CVE-2020-6798,CVE-2020-6800 are affected in Mozilla Firefox for Mac 68.4.1Mac
Multiple Vulnerabilities are affected in Mozilla Firefox for Mac 72.0.2Mac
Vulnerabilities CVE-2020-6796,CVE-2020-6797,CVE-2020-6798,CVE-2020-6800 are fixed in Mozilla Firefox For Mac 68.5Mac
firefox-esr security update(DSA-4620-1) firefox-esr_68.5.0esr-1~deb9u1_i386.debLinux
firefox-esr security update(DSA-4620-1) firefox-esr_68.5.0esr-1~deb9u1_amd64.debLinux
firefox-esr security update(DSA-4620-1) firefox-esr_68.5.0esr-1~deb10u1_i386.debLinux
firefox-esr security update(DSA-4620-1) firefox-esr_68.5.0esr-1~deb10u1_amd64.debLinux
Mozilla Open Source web browser (USN-4278-1) firefox_73.0+build3-0ubuntu0.18.04.1_i386.debLinux
Mozilla Open Source web browser (USN-4278-1) firefox_73.0+build3-0ubuntu0.18.04.1_amd64.debLinux
Mozilla Open Source web browser (USN-4278-1) firefox_73.0+build3-0ubuntu0.19.10.1_i386.debLinux
Mozilla Open Source web browser (USN-4278-1) firefox_73.0+build3-0ubuntu0.19.10.1_amd64.debLinux
thunderbird security update(DSA-4625-1) thunderbird_68.5.0-1~deb9u1_i386.debLinux
thunderbird security update(DSA-4625-1) thunderbird_68.5.0-1~deb9u1_amd64.debLinux
thunderbird security update(DSA-4625-1) thunderbird_68.5.0-1~deb10u1_i386.debLinux
thunderbird security update(DSA-4625-1) thunderbird_68.5.0-1~deb10u1_amd64.debLinux
(RHSA-2020:0520) firefox security update firefox-68.5.0-2.el7_7.i686.rpmLinux
(RHSA-2020:0520) firefox security update firefox-68.5.0-2.el7_7.x86_64.rpmLinux
(RHSA-2020:0521) firefox security update firefox-68.5.0-2.el6_10.i686.rpmLinux
(RHSA-2020:0521) firefox security update firefox-68.5.0-2.el6_10.x86_64.rpmLinux
SUSE-SU-2020:0384-1(SUSE Linux Enterprise Desktop 12-SP4 ) MozillaFirefox-68.5.0-109.106.1.x86_64.rpmLinux
SUSE-SU-2020:0384-1(SUSE Linux Enterprise Desktop 12-SP4 ) MozillaFirefox-debuginfo-68.5.0-109.106.1.x86_64.rpmLinux
SUSE-SU-2020:0384-1(SUSE Linux Enterprise Desktop 12-SP4 ) MozillaFirefox-debugsource-68.5.0-109.106.1.x86_64.rpmLinux
SUSE-SU-2020:0384-1(SUSE Linux Enterprise Desktop 12-SP4 ) MozillaFirefox-translations-common-68.5.0-109.106.1.x86_64.rpmLinux
(RHSA-2020:0574) thunderbird security update thunderbird-68.5.0-1.el6_10.i686.rpmLinux
(RHSA-2020:0574) thunderbird security update thunderbird-68.5.0-1.el6_10.x86_64.rpmLinux
(RHSA-2020:0576) thunderbird security update thunderbird-68.5.0-1.el7_7.x86_64.rpmLinux
Mozilla Open Source mail and newsgroup client (USN-4328-1) thunderbird_68.7.0+build1-0ubuntu0.18.04.1_i386.debLinux
Mozilla Open Source mail and newsgroup client (USN-4328-1) thunderbird_68.7.0+build1-0ubuntu0.18.04.1_amd64.debLinux
Mozilla Open Source mail and newsgroup client (USN-4328-1) thunderbird_68.7.0+build1-0ubuntu0.19.10.1_i386.debLinux
Mozilla Open Source mail and newsgroup client (USN-4328-1) thunderbird_68.7.0+build1-0ubuntu0.19.10.1_amd64.debLinux
Mozilla Open Source mail and newsgroup client (USN-4335-1) thunderbird_68.7.0+build1-0ubuntu0.16.04.2_i386.debLinux
Mozilla Open Source mail and newsgroup client (USN-4335-1) thunderbird_68.7.0+build1-0ubuntu0.16.04.2_amd64.debLinux

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-312894Mozilla Thunderbird (x64) (68.5.0)
PATCH-312889Mozilla Thunderbird (68.5.0)
PATCH-312884Mozilla Firefox ESR (x64) (68.5.0)
PATCH-312882Mozilla Firefox ESR (68.5.0)
PATCH-312881Mozilla Firefox (x64) (73.0)
PATCH-312880Mozilla Firefox (73.0)
PATCH-312956Mozilla Firefox (73.0.1)
PATCH-312957Mozilla Firefox (x64) (73.0.1)
PATCH-607000Mozilla Firefox For Mac (124.0)
PATCH-607000Mozilla Firefox For Mac (124.0)
PATCH-607000Mozilla Firefox For Mac (124.0)
PATCH-607000Mozilla Firefox For Mac (124.0)
PATCH-611353Mozilla Thunderbird For Mac (128.12.0)
PATCH-611807Mozilla Thunderbird For Mac (142.0)
PATCH-611808Mozilla Firefox ESR for MAC 128.14.0
PATCH-611870Mozilla Firefox For Mac (142.0.1)
PATCH-611870Mozilla Firefox For Mac (142.0.1)
PATCH-612783Mozilla Firefox For Mac (145.0.1)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234