CVE-2020-6814: 
NixOS vulnerability analysis and mitigation

CVE-2020-6814 is a memory safety vulnerability discovered in Mozilla Firefox and Thunderbird 68.5. The vulnerability was disclosed on March 10, 2020, affecting Firefox versions prior to 74.0, Firefox ESR versions prior to 68.6.0, and Thunderbird versions prior to 68.6.0. Mozilla developers Byron Campen, Jason Kratzer, and Christian Holler reported these memory safety bugs that showed evidence of memory corruption (Mozilla Advisory).

The vulnerability is classified as a memory safety bug that could lead to memory corruption. With a CVSS v3.1 base score of 9.8 (CRITICAL), the vulnerability is characterized by network-based attack vectors with low attack complexity and no required privileges or user interaction. The vulnerability is tracked as CWE-787: Out-of-bounds Write (NVD).

The memory safety bugs showed evidence of memory corruption, and Mozilla security researchers presumed that with sufficient effort, these vulnerabilities could be exploited to execute arbitrary code on affected systems (Mozilla Advisory).

The vulnerability was addressed in Firefox 74.0, Firefox ESR 68.6.0, and Thunderbird 68.6.0. Users are advised to update to these versions or later to mitigate the risk. For Thunderbird specifically, it's noted that these flaws cannot be exploited through email alone since scripting is disabled when reading mail, but they remain potential risks in browser or browser-like contexts (Mozilla Advisory).