PT-2020-16584 · Mozilla+6 · Firefox+8

Abraruddin Khan

+1

·

Published

2020-12-15

·

Updated

2024-12-12

·

CVE-2020-26971

CVSS v3.1

8.8

High

VectorAV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 84 Thunderbird versions prior to 78.6 Firefox ESR versions prior to 78.6
Description The issue arises from certain blit values provided by the user not being properly constrained, leading to a heap buffer overflow on some video drivers.
Recommendations For Firefox versions prior to 84, update to version 84 or later. For Thunderbird versions prior to 78.6, update to version 78.6 or later. For Firefox ESR versions prior to 78.6, update to version 78.6 or later.

Exploit

Fix

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

ALT-PU-2020-3513
ALT-PU-2020-3515
ALT-PU-2020-3529
ALT-PU-2021-1151
ALT-PU-2021-1200
ALT-PU-2021-1368
ALT-PU-2021-1369
ALT-PU-2021-2725
ALT-PU-2021-2881
ALT-PU-2021-3368
ALT-PU-2021-3369
ALT-PU-2022-1781
ALT-PU-2022-1782
CESA-2020_5562
CESA-2020_5618
CESA-2020_5624
CVE-2020-26971
DLA-2496-1
DLA-2497-1
DSA-4813-1
DSA-4815-1
MGASA-2020-0461
MGASA-2020-0462
OESA-2023-1673
OESA-2023-1674
OESA-2024-1574
OESA-2024-1575
OPENSUSE-SU-2020:2317-1
OPENSUSE-SU-2020:2318-1
OPENSUSE-SU-2020:2324-1
OPENSUSE-SU-2020:2325-1
OPENSUSE-SU-2020_2317-1
OPENSUSE-SU-2020_2318-1
OPENSUSE-SU-2020_2324-1
OPENSUSE-SU-2020_2325-1
OPENSUSE-SU-2024:10600-1
OPENSUSE-SU-2024:10601-1
OPENSUSE-SU-2024:14572-1
RHSA-2020:5561
RHSA-2020:5562
RHSA-2020:5563
RHSA-2020:5564
RHSA-2020:5565
RHSA-2020:5618
RHSA-2020:5622
RHSA-2020:5624
RHSA-2020:5644
RHSA-2020:5645
RHSA-2020_5561
RHSA-2020_5562
RHSA-2020_5618
RHSA-2020_5624
SUSE-SU-2020:14584-1
SUSE-SU-2020:3900-1
SUSE-SU-2020:3901-1
SUSE-SU-2020:3902-1
SUSE-SU-2020:3903-1
SUSE-SU-2020:3935-1
SUSE-SU-2020_14584-1
USN-4671-1
USN-4701-1

Affected Products

Alt Linux
Centos
Firefox
Firefox Esr
Linuxmint
Red Hat
Suse
Thunderbird
Ubuntu