CVE-2021-23981 — Out-of-bounds Write in Mozilla Firefox
Severity
8.1HIGHNVD
OSV7.4
EPSS
0.4%
top 41.19%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMar 31
Latest updateMay 24
Description
A texture upload of a Pixel Buffer Object could have confused the WebGL code to skip binding the buffer used to unpack it, resulting in memory corruption and a potentially exploitable information leak or crash. This vulnerability affects Firefox ESR < 78.9, Firefox < 87, and Thunderbird < 78.9.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:HExploitability: 2.8 | Impact: 5.2
Affected Packages9 packages
🔴Vulnerability Details
6GHSA▶
GHSA-6hwg-29mr-qgf8: A texture upload of a Pixel Buffer Object could have confused the WebGL code to skip binding the buffer used to unpack it, resulting in memory corrupt↗2022-05-24
OSV▶
CVE-2021-23981: A texture upload of a Pixel Buffer Object could have confused the WebGL code to skip binding the buffer used to unpack it, resulting in memory corrupt↗2021-03-31
CVEList▶
CVE-2021-23981: A texture upload of a Pixel Buffer Object could have confused the WebGL code to skip binding the buffer used to unpack it, resulting in memory corrupt↗2021-03-31
📋Vendor Advisories
8Red Hat
▶
Debian▶
CVE-2021-23981: firefox - A texture upload of a Pixel Buffer Object could have confused the WebGL code to ...↗2021