CVE-2020-6821
Published: 2020-04-24
Priority: P3 · 35 · high · CVSS 3.1: 7.5
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS: 1.47% (70.6th percentile)
When reading from areas partially or fully outside the source resource with WebGL's copyTexSubImage method, the specification requires the returned values be zero. Previously, this memory was uninitialized, leading to potentially sensitive data disclosure. This vulnerability affects Thunderbird < 68.7.0, Firefox ESR < 68.7, and Firefox < 75.
Affected
18 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | firefox | < firefox 75.0-1 (sid) | firefox 75.0-1 (sid) |
| debian | firefox-esr | < firefox 75.0-1 (sid) | firefox 75.0-1 (sid) |
| debian | thunderbird | < firefox 75.0-1 (sid) | firefox 75.0-1 (sid) |
| mozilla | firefox | < 75.0 | 75.0 |
| mozilla | firefox | — | — |
| mozilla | firefox | >= 0 < 75.0+build3-0ubuntu0.16.04.1 | 75.0+build3-0ubuntu0.16.04.1 |
| mozilla | firefox | >= 0 < 75.0+build3-0ubuntu0.18.04.1 | 75.0+build3-0ubuntu0.18.04.1 |
| mozilla | firefox | >= unspecified < 75 | 75 |
| mozilla | firefox_esr | < 68.7.0 | 68.7.0 |
| mozilla | firefox_esr | >= unspecified < 68.7 | 68.7 |
| mozilla | thunderbird | < 68.7.0 | 68.7.0 |
| mozilla | thunderbird | >= 0 < 1:68.7.0-1 | 1:68.7.0-1 |
| mozilla | thunderbird | >= 0 < 1:68.7.0-1 | 1:68.7.0-1 |
| mozilla | thunderbird | >= 0 < 1:68.7.0-1 | 1:68.7.0-1 |
| mozilla | thunderbird | >= 0 < 1:68.7.0-1 | 1:68.7.0-1 |
| mozilla | thunderbird | >= 0 < 1:68.7.0+build1-0ubuntu0.16.04.2 | 1:68.7.0+build1-0ubuntu0.16.04.2 |
| mozilla | thunderbird | >= 0 < 1:68.7.0+build1-0ubuntu0.18.04.1 | 1:68.7.0+build1-0ubuntu0.18.04.1 |
| mozilla | thunderbird | >= unspecified < 68.7.0 | 68.7.0 |
CVSS provenance
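| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| osv | | 8.8 | HIGH | |
| vendor_ubuntu | | 8.8 | HIGH | |
| vendor_debian | | 7.5 | HIGH | |
| vendor_redhat | | 7.5 | HIGH | |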
Ubuntu
Thunderbird vulnerabilities
vendor_ubuntu·2020-04-21·CVSS 8.8
CVE-2019-11745 [HIGH] Thunderbird vulnerabilities
Title: Thunderbird vulnerabilities
Summary: Several security issues were fixed in Thunderbird.
Multiple security issues were discovered in Thunderbird. If a user were
tricked in to opening a specially crafted website in a browsing context,
an attacker could potentially exploit these to cause a denial of service,
obtain sensitive information, bypass security restrictions, bypass
same-origin restrictions, conduct cross-site scripting (XSS) attacks, or
execute arbitrary code. (CVE-2019-11757, CVE-2019-11758, CVE-2019-11759,
CVE-2019-11760, CVE-2019-11761, CVE-2019-11762, CVE-2019-11763,
CVE-2019-11764, CVE-2019-17005, CVE-2019-17008, CVE-2019-17010,
CVE-2019-17011, CVE-2019-17012, CVE-2019-17016, CVE-2019-17017,
CVE-2019-17022, CVE-2019-17024, CVE-2019-17026, CVE-2019-20503,
CVE-2020-6798,
Ubuntu
Thunderbird vulnerabilities
vendor_ubuntu·2020-04-13·CVSS 6.5
CVE-2020-6792 [MEDIUM] Thunderbird vulnerabilities
Title: Thunderbird vulnerabilities
Summary: Several security issues were fixed in Thunderbird.
It was discovered that Message ID calculation was based on uninitialized
data. An attacker could potentially exploit this to obtain sensitive
information. (CVE-2020-6792)
Multiple security issues were discovered in Thunderbird. If a user were
tricked in to opening a specially crafted message, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information, or execute arbitrary code. (CVE-2020-6793, CVE-2020-6795,
CVE-2020-6822)
It was discovered that if a user saved passwords before Thunderbird 60
and then later set a master password, an unencrypted copy of these
passwords would still be accessible. A local user could exploit this to
obtain sensitive info
Red Hat
Mozilla: Uninitialized memory could be read when using the WebGL copyTexSubImage method
vendor_redhat·2020-04-08·CVSS 7.5
CVE-2020-6821 [HIGH] CWE-119 Mozilla: Uninitialized memory could be read when using the WebGL copyTexSubImage method
When reading from areas partially or fully outside the source resource with WebGL's copyTexSubImage method, the specification requires the returned values be zero. Previously, this memory was uninitialized, leading to potentially sensitive data disclosure. This vulnerability affects Thunderbird < 68.7.0, Firefox ESR < 68.7, and Firefox < 75.
The Mozilla Foundation Security Advisory describes this flaw as:
When reading from areas partially or fully outside the source resource with WebGL's copyTexSubImage method, the specification requires the returned values be zero. Previously, this memory was uninitialized, leading to potentially sensitive data disclosure.
Package: firefox (Red Hat Enterprise Linux
Ubuntu
Firefox vulnerabilities
vendor_ubuntu·2020-04-07·CVSS 7.5
CVE-2020-6821 [HIGH] Firefox vulnerabilities
Title: Firefox vulnerabilities
Summary: Firefox could be made to crash or run programs as your login if it
opened a malicious website.
Multiple security issues were discovered in Firefox. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information, or execute arbitrary code. (CVE-2020-6821, CVE-2020-6822,
CVE-2020-6824, CVE-2020-6825, CVE-2020-6826)
It was discovered that extensions could obtain auth codes from OAuth login
flows in some circumstances. If a user were tricked in to installing a
specially crafted extension, an attacker could potentially exploit this to
obtain access to the user's account. (CVE-2020-6823)
Instructions: After a standard system update you need to rest
Debian
CVE-2020-6821: firefox - When reading from areas partially or fully outside the source resource with WebG...
vendor_debian·2020·CVSS 7.5
CVE-2020-6821 [HIGH] CVE-2020-6821: firefox - When reading from areas partially or fully outside the source resource with WebG...
When reading from areas partially or fully outside the source resource with WebGL's copyTexSubImage method, the specification requires the returned values be zero. Previously, this memory was uninitialized, leading to potentially sensitive data disclosure. This vulnerability affects Thunderbird < 68.7.0, Firefox ESR < 68.7, and Firefox < 75.
Scope: local
sid: resolved (fixed in 75.0-1)
Mozilla
Mozilla Foundation Security Advisory 2020-13: CVE-2020-6821
vendor_mozilla·CVSS 7.5
CVE-2020-6821 [HIGH] Mozilla Foundation Security Advisory 2020-13: CVE-2020-6821
Mozilla Foundation Security Advisory 2020-13
CVE: CVE-2020-6821
Product: Firefox ESR
Impact: high
Fixed in: Firefox ESR 68.7
Mozilla
Mozilla Foundation Security Advisory 2020-14: CVE-2020-6821
vendor_mozilla·CVSS 7.5
CVE-2020-6821 [HIGH] Mozilla Foundation Security Advisory 2020-14: CVE-2020-6821
Mozilla Foundation Security Advisory 2020-14
CVE: CVE-2020-6821
Product: Thunderbird
Impact: high
Fixed in: Thunderbird 68.7
Mozilla
Mozilla Foundation Security Advisory 2020-12: CVE-2020-6821
vendor_mozilla·CVSS 7.5
CVE-2020-6821 [HIGH] Mozilla Foundation Security Advisory 2020-12: CVE-2020-6821
Mozilla Foundation Security Advisory 2020-12
CVE: CVE-2020-6821
Product: Firefox
Impact: high
Fixed in: Firefox 75
GHSA
GHSA-jj5p-vxx9-rvj7: When reading from areas partially or fully outside the source resource with WebGL's copyTexSubImage method, the specification requires the returned va
ghsa_unreviewed·2022-05-24
CVE-2020-6821 [MEDIUM] CWE-119 GHSA-jj5p-vxx9-rvj7: When reading from areas partially or fully outside the source resource with WebGL's copyTexSubImage method, the specification requires the returned va
When reading from areas partially or fully outside the source resource with WebGL's copyTexSubImage method, the specification requires the returned values be zero. Previously, this memory was uninitialized, leading to potentially sensitive data disclosure. This vulnerability affects Thunderbird < 68.7.0, Firefox ESR < 68.7, and Firefox < 75.
OSV
CVE-2020-6821: When reading from areas partially or fully outside the source resource with WebGL's copyTexSubImage method, the specification requires the returned va
osv·2020-04-24·CVSS 7.5
CVE-2020-6821 [HIGH] CVE-2020-6821: When reading from areas partially or fully outside the source resource with WebGL's copyTexSubImage method, the specification requires the returned va
When reading from areas partially or fully outside the source resource with WebGL's copyTexSubImage method, the specification requires the returned values be zero. Previously, this memory was uninitialized, leading to potentially sensitive data disclosure. This vulnerability affects Thunderbird < 68.7.0, Firefox ESR < 68.7, and Firefox < 75.
OSV
thunderbird vulnerabilities
osv·2020-04-21·CVSS 8.8
CVE-2019-11757 [HIGH] thunderbird vulnerabilities
Multiple security issues were discovered in Thunderbird. If a user were
tricked in to opening a specially crafted website in a browsing context,
an attacker could potentially exploit these to cause a denial of service,
obtain sensitive information, bypass security restrictions, bypass
same-origin restrictions, conduct cross-site scripting (XSS) attacks, or
execute arbitrary code. (CVE-2019-11757, CVE-2019-11758, CVE-2019-11759,
CVE-2019-11760, CVE-2019-11761, CVE-2019-11762, CVE-2019-11763,
CVE-2019-11764, CVE-2019-17005, CVE-2019-17008, CVE-2019-17010,
CVE-2019-17011, CVE-2019-17012, CVE-2019-17016, CVE-2019-17017,
CVE-2019-17022, CVE-2019-17024, CVE-2019-17026, CVE-2019-20503,
CVE-2020-6798, CVE-2020-6800, CVE-2020-6805, CVE-2020-6806, CVE-2020-6807,
CVE-2020
OSV
thunderbird vulnerabilities
osv·2020-04-13·CVSS 6.5
CVE-2020-6792 [MEDIUM] thunderbird vulnerabilities
It was discovered that Message ID calculation was based on uninitialized
data. An attacker could potentially exploit this to obtain sensitive
information. (CVE-2020-6792)
Multiple security issues were discovered in Thunderbird. If a user were
tricked in to opening a specially crafted message, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information, or execute arbitrary code. (CVE-2020-6793, CVE-2020-6795,
CVE-2020-6822)
It was discovered that if a user saved passwords before Thunderbird 60
and then later set a master password, an unencrypted copy of these
passwords would still be accessible. A local user could exploit this to
obtain sensitive information. (CVE-2020-6794)
Multiple security issues were discovered i
OSV
firefox vulnerabilities
osv·2020-04-07·CVSS 7.5
CVE-2020-6821 [HIGH] firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information, or execute arbitrary code. (CVE-2020-6821, CVE-2020-6822,
CVE-2020-6824, CVE-2020-6825, CVE-2020-6826)
It was discovered that extensions could obtain auth codes from OAuth login
flows in some circumstances. If a user were tricked in to installing a
specially crafted extension, an attacker could potentially exploit this to
obtain access to the user's account. (CVE-2020-6823)
No detection rules found.
No public exploits indexed.
Checkpoint
13th April – Threat Intelligence Bulletin
blogs_checkpoint·2020-04-13
CVE-2020-3952 13th April – Threat Intelligence Bulletin
## 13th April – Threat Intelligence Bulletin
For the latest discoveries in cyber research for the week of 13th April 2020, please download our Threat Intelligence Bulletin.
Top Attacks and Breaches
Hammersmith Medicines Research LTD (HMR), a research firm on standby to perform live trials of coronavirus vaccines, has suffered a data breach by the Maze ransomware. HMR has decided not to pay the ransom, only to have stolen data published a week later on the attackers' “News” site. The attack compromised volunteers’
Bugzilla
CVE-2020-6821 Mozilla: Uninitialized memory could be read when using the WebGL copyTexSubImage method
bugzilla·2020-04-07·CVSS 7.5
CVE-2020-6821 [HIGH] CVE-2020-6821 Mozilla: Uninitialized memory could be read when using the WebGL copyTexSubImage method
When reading from areas partially or fully outside the source resource with WebGL's copyTexSubImage method, the specification requires the returned values be zero. Previously, this memory was uninitialized, leading to potentially sensitive data disclosure.
Discussion:
Acknowledgments:
Name: the Mozilla project
Upstream: Jeff Gilbert, Kenneth Russell
---
External References:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-13/#CVE-2020-6821
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions
Via RHSA-2020:1404 https://access.redhat.com/errata/RHSA-2020:1404
---
This issue has been addressed in the
https://bugzilla.mozilla.org/show_bug.cgi?id=1625404
https://usn.ubuntu.com/4335-1/
https://www.mozilla.org/security/advisories/mfsa2020-12/
https://www.mozilla.org/security/advisories/mfsa2020-13/
https://www.mozilla.org/security/advisories/mfsa2020-14/