Information Leak

2020-08-0621:32:13

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

JSON

Mozilla Developer Nicolas Silva is vulnerable to information leak. It is found that when using WebRender, Firefox would under certain conditions leak arbitrary GPU memory to the visible screen. The leaked memory content was visible to the user, but not observable from web content.

CPENameOperatorVersion
firefox:3.12eq76.0.1-r1
firefox:3.12eq76.0.1-r0
firefox:bioniceq59.0.2+build1
firefox:focaleq75.0+build3
firefox:eoaneq69.0.3+build1
firefox:xenialeq45.0.2+build1
firefox:edgeeq76.0.1-r1
firefox:edgeeq74.0-r1
firefox:edgeeq74.0.1-r0
firefox:edgeeq73.0.1-r1

Name	Operator	Version
firefox:3.12	eq	76.0.1-r1
firefox:3.12	eq	76.0.1-r0
firefox:bionic	eq	59.0.2+build1
firefox:focal	eq	75.0+build3
firefox:eoan	eq	69.0.3+build1
firefox:xenial	eq	45.0.2+build1
firefox:edge	eq	76.0.1-r1
firefox:edge	eq	74.0-r1
firefox:edge	eq	74.0.1-r0
firefox:edge	eq	73.0.1-r1