Unrated severity · NVD Advisory · Published Apr 24, 2020 · Updated Aug 4, 2024
CVE-2020-6821
Description
When reading from areas partially or fully outside the source resource with WebGL's copyTexSubImage method, the specification requires the returned values be zero. Previously, this memory was uninitialized, leading to potentially sensitive data disclosure. This vulnerability affects Thunderbird < 68.7.0, Firefox ESR < 68.7, and Firefox < 75.
Affected products
- osv-coords (22 versions):
  - pkg:rpm/suse/MozillaFirefox&distro=HPE%20Helion%20OpenStack%208
  - pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Enterprise%20Storage%205
  - pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP1
  - pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSS
  - pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSS
  - pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL
  - pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSS
  - pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCL
  - pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSS
  - pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4
  - pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5
  - pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1
  - pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2
  - pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3
  - pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4
  - pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5
  - pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP4
  - pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5
  - pkg:rpm/suse/MozillaFirefox&distro=SUSE%20OpenStack%20Cloud%207
  - pkg:rpm/suse/MozillaFirefox&distro=SUSE%20OpenStack%20Cloud%208
  - pkg:rpm/suse/MozillaFirefox&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208
  - pkg:rpm/suse/MozillaThunderbird&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP1
- (no CPE) range: < 68.7.0-109.116.1
- (no CPE) range: < 68.7.0-109.116.1
- (no CPE) range: < 68.7.0-3.84.2
- (no CPE) range: < 68.7.0-78.70.1
- (no CPE) range: < 68.7.0-109.116.1
- (no CPE) range: < 68.7.0-109.116.1
- (no CPE) range: < 68.7.0-109.116.1
- (no CPE) range: < 68.7.0-109.116.1
- (no CPE) range: < 68.7.0-109.116.1
- (no CPE) range: < 68.7.0-109.116.1
- (no CPE) range: < 68.7.0-109.116.1
- (no CPE) range: < 68.7.0-109.116.1
- (no CPE) range: < 68.7.0-109.116.1
- (no CPE) range: < 68.7.0-109.116.1
- (no CPE) range: < 68.7.0-109.116.1
- (no CPE) range: < 68.7.0-109.116.1
- (no CPE) range: < 68.7.0-109.116.1
- (no CPE) range: < 68.7.0-109.116.1
- (no CPE) range: < 68.7.0-109.116.1
- (no CPE) range: < 68.7.0-109.116.1
- (no CPE) range: < 68.7.0-109.116.1
- (no CPE) range: < 68.7.0-3.77.1
- Range: unspecified
- Range: unspecified
- Mozilla/Firefox ESR (v5) Range: unspecified
Patches
No patches discovered yet.
References
- usn.ubuntu.com/4335-1/ (mitre: vendor-advisory, x_refsource_UBUNTU)
- bugzilla.mozilla.org/show_bug.cgi (mitre: x_refsource_MISC)
- www.mozilla.org/security/advisories/mfsa2020-12/ (mitre: x_refsource_MISC)
- www.mozilla.org/security/advisories/mfsa2020-13/ (mitre: x_refsource_MISC)
- www.mozilla.org/security/advisories/mfsa2020-14/ (mitre: x_refsource_MISC)