CVE-2020-6800: 
NixOS vulnerability analysis and mitigation

CVE-2020-6800 is a memory safety vulnerability discovered in Mozilla Firefox 72, Firefox ESR 68.4, and Thunderbird. The vulnerability was disclosed on February 11, 2020, affecting Firefox versions < 73, Firefox ESR versions < 68.5, and Thunderbird versions < 68.5. Mozilla developers and community members reported memory safety bugs that showed evidence of memory corruption, which could potentially be exploited to run arbitrary code (Mozilla Advisory).

The vulnerability is classified as a memory safety bug with a CVSS v3.1 Base Score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The issue is categorized as CWE-787 (Out-of-bounds Write). These bugs showed evidence of memory corruption and could potentially be exploited with sufficient effort (NVD).

The vulnerability could potentially allow an attacker to execute arbitrary code with the privileges of the process or cause a Denial of Service condition. In Thunderbird, these flaws cannot be exploited through email because scripting is disabled when reading mail, but they remain potential risks in browser or browser-like contexts (Ubuntu Advisory).

The vulnerability was addressed in Firefox 73.0, Firefox ESR 68.5, and Thunderbird 68.5. Users are advised to upgrade to these versions or later to mitigate the risk. Various Linux distributions also released security updates, including Ubuntu and Gentoo, to address this vulnerability (Gentoo Advisory, Ubuntu Advisory).