CVE-2020-26971

Опубликовано: 15 дек. 2020

Источник: redhat

CVSS3: 8.8

EPSS Низкий

Описание

Certain blit values provided by the user were not properly constrained leading to a heap buffer overflow on some video drivers. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.

The Mozilla Foundation Security Advisory describes this flaw as: Certain blit values provided by the user were not properly constrained leading to a heap buffer overflow on some video drivers.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 5	thunderbird	Out of support scope
Red Hat Enterprise Linux 6	firefox	Out of support scope
Red Hat Enterprise Linux 6	thunderbird	Out of support scope
Red Hat Enterprise Linux 7	firefox	Fixed	RHSA-2020:5561	16.12.2020
Red Hat Enterprise Linux 7	thunderbird	Fixed	RHSA-2020:5618	17.12.2020
Red Hat Enterprise Linux 8	firefox	Fixed	RHSA-2020:5562	16.12.2020
Red Hat Enterprise Linux 8	thunderbird	Fixed	RHSA-2020:5624	17.12.2020
Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions	firefox	Fixed	RHSA-2020:5565	16.12.2020
Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions	thunderbird	Fixed	RHSA-2020:5645	21.12.2020
Red Hat Enterprise Linux 8.1 Extended Update Support	firefox	Fixed	RHSA-2020:5564	16.12.2020

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important

Дефект:

CWE-120

https://bugzilla.redhat.com/show_bug.cgi?id=1908022Mozilla: Heap buffer overflow in WebGL

EPSS

Процентиль: 77%

0.0106

Низкий

8.8 High

CVSS3

Связанные уязвимости

CVE-2020-26971

CVSS3: 8.8

ubuntu

около 5 лет назад

CVE-2020-26971

CVSS3: 8.8

nvd

около 5 лет назад

CVE-2020-26971

CVSS3: 8.8

debian

около 5 лет назад

Certain blit values provided by the user were not properly constrained ...

GHSA-x6rc-q735-q8qg

github

больше 3 лет назад

ELSA-2020-5624-1

oracle-oval

около 5 лет назад

ELSA-2020-5624-1: thunderbird security update (IMPORTANT)

EPSS

Процентиль: 77%

0.0106

Низкий

8.8 High

CVSS3