An attacker could have caused 4 bytes of HMAC output to be written past the end of a buffer stored on the stack. This could be used by an attacker to execute arbitrary code or more likely lead to a crash. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2.
[
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"status": "affected",
"version": "before 70"
}
]
},
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"status": "affected",
"version": "before 68.2"
}
]
},
{
"product": "Firefox ESR",
"vendor": "Mozilla",
"versions": [
{
"status": "affected",
"version": "before 68.2"
}
]
}
]