CVE-2020-6821 — Use of Uninitialized Resource in Mozilla Firefox
Severity
7.5 HIGH (NVD)
OSV 8.8, OSV 6.5
EPSS
0.5%
top 32.31%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Apr 24
Latest update: May 24
Description
When reading from areas partially or fully outside the source resource with WebGL's copyTexSubImage method, the specification requires the returned values be zero. Previously, this memory was uninitialized, leading to potentially sensitive data disclosure. This vulnerability affects Thunderbird < 68.7.0, Firefox ESR < 68.7, and Firefox < 75.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 | Impact: 3.6
Affected Packages: 9 packages
Vulnerability Details (6)
GHSA
GHSA-jj5p-vxx9-rvj7: When reading from areas partially or fully outside the source resource with WebGL's copyTexSubImage method, the specification requires the returned va... (2022-05-24)
CVEList
CVE-2020-6821: When reading from areas partially or fully outside the source resource with WebGL's copyTexSubImage method, the specification requires the returned va... (2020-04-24)
OSV
CVE-2020-6821: When reading from areas partially or fully outside the source resource with WebGL's copyTexSubImage method, the specification requires the returned va... (2020-04-24)
Vendor Advisories (8)
Red Hat
Debian
CVE-2020-6821: firefox - When reading from areas partially or fully outside the source resource with WebG... (2020)
Community (1)
Bugzilla
CVE-2020-6821 Mozilla: Uninitialized memory could be read when using the WebGL copyTexSubImage method (2020-04-07)