{"containers": {"cna": {"affected": [{"product": "Thunderbird", "vendor": "Mozilla", "versions": [{"lessThan": "68.7.0", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "Firefox ESR", "vendor": "Mozilla", "versions": [{"lessThan": "68.7", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "Firefox", "vendor": "Mozilla", "versions": [{"lessThan": "75", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "When reading from areas partially or fully outside the source resource with WebGL's <code>copyTexSubImage</code> method, the specification requires the returned values be zero. Previously, this memory was uninitialized, leading to potentially sensitive data disclosure. This vulnerability affects Thunderbird < 68.7.0, Firefox ESR < 68.7, and Firefox < 75."}], "problemTypes": [{"descriptions": [{"description": "Uninitialized memory could be read when using the WebGL copyTexSubImage method", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-04-29T02:07:01", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.mozilla.org/security/advisories/mfsa2020-13/"}, {"tags": ["x_refsource_MISC"], "url": "https://www.mozilla.org/security/advisories/mfsa2020-12/"}, {"tags": ["x_refsource_MISC"], "url": "https://www.mozilla.org/security/advisories/mfsa2020-14/"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1625404"}, {"name": "USN-4335-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4335-1/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@mozilla.org", "ID": "CVE-2020-6821", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Thunderbird", "version": {"version_data": [{"version_affected": "<", "version_value": "68.7.0"}]}}, {"product_name": "Firefox ESR", "version": {"version_data": [{"version_affected": "<", "version_value": "68.7"}]}}, {"product_name": "Firefox", "version": {"version_data": [{"version_affected": "<", "version_value": "75"}]}}]}, "vendor_name": "Mozilla"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "When reading from areas partially or fully outside the source resource with WebGL's <code>copyTexSubImage</code> method, the specification requires the returned values be zero. Previously, this memory was uninitialized, leading to potentially sensitive data disclosure. This vulnerability affects Thunderbird < 68.7.0, Firefox ESR < 68.7, and Firefox < 75."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Uninitialized memory could be read when using the WebGL copyTexSubImage method"}]}]}, "references": {"reference_data": [{"name": "https://www.mozilla.org/security/advisories/mfsa2020-13/", "refsource": "MISC", "url": "https://www.mozilla.org/security/advisories/mfsa2020-13/"}, {"name": "https://www.mozilla.org/security/advisories/mfsa2020-12/", "refsource": "MISC", "url": "https://www.mozilla.org/security/advisories/mfsa2020-12/"}, {"name": "https://www.mozilla.org/security/advisories/mfsa2020-14/", "refsource": "MISC", "url": "https://www.mozilla.org/security/advisories/mfsa2020-14/"}, {"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1625404", "refsource": "MISC", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1625404"}, {"name": "USN-4335-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4335-1/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T09:11:05.018Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.mozilla.org/security/advisories/mfsa2020-13/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.mozilla.org/security/advisories/mfsa2020-12/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.mozilla.org/security/advisories/mfsa2020-14/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1625404"}, {"name": "USN-4335-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4335-1/"}]}]}, "cveMetadata": {"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2020-6821", "datePublished": "2020-04-24T15:55:25", "dateReserved": "2020-01-10T00:00:00", "dateUpdated": "2024-08-04T09:11:05.018Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "925D894A-1609-43FB-94FE-84B3EAB9CE72", "versionEndExcluding": "75.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*", "matchCriteriaId": "D5D6475F-6C46-4BF0-B372-900A5B9FAED5", "versionEndExcluding": "68.7.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "matchCriteriaId": "CF7AEB5A-A52E-45E7-AFBF-546C351A4915", "versionEndExcluding": "68.7.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "When reading from areas partially or fully outside the source resource with WebGL's <code>copyTexSubImage</code> method, the specification requires the returned values be zero. Previously, this memory was uninitialized, leading to potentially sensitive data disclosure. This vulnerability affects Thunderbird < 68.7.0, Firefox ESR < 68.7, and Firefox < 75."}, {"lang": "es", "value": "Cuando se lee desde \u00e1reas parcial o completamente fuera del recurso fuente con el m\u00e9todo <code>copyTexSubImage</code> de WebGL, la especificaci\u00f3n requiere que los valores devueltos sean cero. Anteriormente, esta memoria no fue inicializada, conllevando a una divulgaci\u00f3n de datos potencialmente confidenciales. Esta vulnerabilidad afecta a Thunderbird versiones anteriores a 68.7.0, Firefox ESR versiones anteriores a 68.7 y Firefox versiones anteriores a 75."}], "id": "CVE-2020-6821", "lastModified": "2024-11-21T05:36:14.410", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-04-24T16:15:13.510", "references": [{"source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1625404"}, {"source": "security@mozilla.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4335-1/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2020-12/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2020-13/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2020-14/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Permissions Required"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1625404"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4335-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2020-12/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2020-13/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2020-14/"}], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-908"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Jeff Gilbert and Kenneth Russell as the original reporters.", "affected_release": [{"advisory": "RHSA-2020:1429", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "firefox-0:68.7.0-2.el6_10", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2020-04-14T00:00:00Z"}, {"advisory": "RHSA-2020:1488", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "thunderbird-0:68.7.0-1.el6_10", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2020-04-16T00:00:00Z"}, {"advisory": "RHSA-2020:1420", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "firefox-0:68.7.0-2.el7_8", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2020-04-09T00:00:00Z"}, {"advisory": "RHSA-2020:1489", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "thunderbird-0:68.7.0-1.el7_8", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2020-04-16T00:00:00Z"}, {"advisory": "RHSA-2020:1406", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "firefox-0:68.7.0-2.el8_1", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-04-08T00:00:00Z"}, {"advisory": "RHSA-2020:1495", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "thunderbird-0:68.7.0-1.el8_1", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-04-16T00:00:00Z"}, {"advisory": "RHSA-2020:1404", "cpe": "cpe:/a:redhat:rhel_e4s:8.0", "package": "firefox-0:68.7.0-2.el8_0", "product_name": "Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions", "release_date": "2020-04-08T00:00:00Z"}, {"advisory": "RHSA-2020:1496", "cpe": "cpe:/a:redhat:rhel_e4s:8.0", "package": "thunderbird-0:68.7.0-1.el8_0", "product_name": "Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions", "release_date": "2020-04-16T00:00:00Z"}], "bugzilla": {"description": "Mozilla: Uninitialized memory could be read when using the WebGL copyTexSubImage method", "id": "1821674", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1821674"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "status": "verified"}, "cwe": "CWE-119", "details": ["When reading from areas partially or fully outside the source resource with WebGL's <code>copyTexSubImage</code> method, the specification requires the returned values be zero. Previously, this memory was uninitialized, leading to potentially sensitive data disclosure. This vulnerability affects Thunderbird < 68.7.0, Firefox ESR < 68.7, and Firefox < 75.", "The Mozilla Foundation Security Advisory describes this flaw as:\nWhen reading from areas partially or fully outside the source resource with WebGL's copyTexSubImage method, the specification requires the returned values be zero. Previously, this memory was uninitialized, leading to potentially sensitive data disclosure."], "name": "CVE-2020-6821", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Out of support scope", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Out of support scope", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 5"}], "public_date": "2020-04-08T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-6821\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-6821\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-13/#CVE-2020-6821"], "threat_severity": "Important"}