Mozilla today pushed out nine patches today covering three products Firefox 73, Firefox ESR 68.5 and Thunderbird 68.5.

Firefox
73
had six vulnerabilities with CVE-2020-6796, CVE-2020-6800 and CVE-2020-6801
regarded as having a high impact. The first is a missing bounds check that
could cause a memory corruption and a potentially exploitable crash. The second
and third are a memory safety bug that could potentially be exploited to run
arbitrary code.

The remaining
three Firefox 73 flaws: CVE-2020-6797, CVE-2020-6798 and CVE-2020-6799, are
rated as moderate.

Firefox
ESR 68.5
is vulnerable to five of the issues affecting Firefox 73 CVE-2020-6796,
CVE-2020-6797, CVE-2020-6798, CVE-2020-6799 and CVE-2020-6800. It is impacted
by CVE-2020-6801.

Thunderbird
68.5
has four unique problems that were patched. First is the low-rated CVE-2020-6792,
this takes place when a Message ID calculation was based on uninitialized data
resulting in uninitialized
memory was used in addition to the message contents. The moderate-rated CVE-2020-6793
is an out-of-bounds read issue that crops up when processing certain email
messages.  CVE-2020-6794, fixes an issue
where older, unencrypted passwords are not deleted potentially giving an unauthorized
user access to these passwords. CVE-2020-6795 endangers a system when processing
a message that contains multiple S/MIME signatures, a bug in the MIME
processing code caused a null pointer dereference, leading to an unexploitable
crash.

CVE-2020-6798
and CVE-2020-6800 also affects Thunderbird 68.5.