CVE-2020-6821
published 2020-04-24

Priority: P3 / 35 / high
CVSS 3.1: 7.5 (AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:N / A:N)
EPSS: 1.47% (70.6th percentile)

When reading from areas partially or fully outside the source resource with WebGL's copyTexSubImage method, the specification requires the returned values be zero. Previously, this memory was uninitialized, leading to potentially sensitive data disclosure. This vulnerability affects Thunderbird < 68.7.0, Firefox ESR < 68.7, and Firefox < 75.

Affected

18 ranges

| Vendor | Product | Version range | Fixed in |
| --- | --- | --- | --- |
| debian | firefox | < firefox 75.0-1 (sid) | firefox 75.0-1 (sid) |
| debian | firefox-esr | < firefox 75.0-1 (sid) | firefox 75.0-1 (sid) |
| debian | thunderbird | < firefox 75.0-1 (sid) | firefox 75.0-1 (sid) |
| mozilla | firefox | < 75.0 | 75.0 |
| mozilla | firefox | | |
| mozilla | firefox | >= 0 < 75.0+build3-0ubuntu0.16.04.1 | 75.0+build3-0ubuntu0.16.04.1 |
| mozilla | firefox | >= 0 < 75.0+build3-0ubuntu0.18.04.1 | 75.0+build3-0ubuntu0.18.04.1 |
| mozilla | firefox | >= unspecified < 75 | 75 |
| mozilla | firefox_esr | < 68.7.0 | 68.7.0 |
| mozilla | firefox_esr | >= unspecified < 68.7 | 68.7 |
| mozilla | thunderbird | < 68.7.0 | 68.7.0 |
| mozilla | thunderbird | >= 0 < 1:68.7.0-1 | 1:68.7.0-1 |
| mozilla | thunderbird | >= 0 < 1:68.7.0-1 | 1:68.7.0-1 |
| mozilla | thunderbird | >= 0 < 1:68.7.0-1 | 1:68.7.0-1 |
| mozilla | thunderbird | >= 0 < 1:68.7.0-1 | 1:68.7.0-1 |
| mozilla | thunderbird | >= 0 < 1:68.7.0+build1-0ubuntu0.16.04.2 | 1:68.7.0+build1-0ubuntu0.16.04.2 |
| mozilla | thunderbird | >= 0 < 1:68.7.0+build1-0ubuntu0.18.04.1 | 1:68.7.0+build1-0ubuntu0.18.04.1 |
| mozilla | thunderbird | >= unspecified < 68.7.0 | 68.7.0 |

CVSS provenance

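| Source | CVSS version | Score | Severity | Vector |
| --- | --- | --- | --- | --- |
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| osv | | 8.8 | HIGH | |
| vendor_ubuntu | | 8.8 | HIGH | |
| vendor_debian | | 7.5 | HIGH | |
| vendor_redhat | | 7.5 | HIGH | |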