A texture upload of a Pixel Buffer Object could have confused the WebGL code to skip binding the buffer used to unpack it, resulting in memory corruption and a potentially exploitable information leak or crash. This vulnerability affects Firefox ESR < 78.9, Firefox < 87, and Thunderbird < 78.9.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 999 | all | firefox | < 87.0-1 | firefox_87.0-1_all.deb |
Debian | 12 | all | firefox-esr | < 78.9.0esr-1 | firefox-esr_78.9.0esr-1_all.deb |
Debian | 11 | all | firefox-esr | < 78.9.0esr-1 | firefox-esr_78.9.0esr-1_all.deb |
Debian | 10 | all | firefox-esr | < 78.9.0esr-1~deb10u1 | firefox-esr_78.9.0esr-1~deb10u1_all.deb |
Debian | 999 | all | firefox-esr | < 78.9.0esr-1 | firefox-esr_78.9.0esr-1_all.deb |
Debian | 13 | all | firefox-esr | < 78.9.0esr-1 | firefox-esr_78.9.0esr-1_all.deb |
Debian | 12 | all | thunderbird | < 1:78.9.0-1 | thunderbird_1:78.9.0-1_all.deb |
Debian | 11 | all | thunderbird | < 1:78.9.0-1 | thunderbird_1:78.9.0-1_all.deb |
Debian | 10 | all | thunderbird | < 1:78.9.0-1~deb10u1 | thunderbird_1:78.9.0-1~deb10u1_all.deb |
Debian | 999 | all | thunderbird | < 1:78.9.0-1 | thunderbird_1:78.9.0-1_all.deb |