CVE-2020-26971

MEDIUM

Description

Certain blit values provided by the user were not properly constrained leading to a heap buffer overflow on some video drivers. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1663466

https://www.mozilla.org/security/advisories/mfsa2020-54/

https://www.mozilla.org/security/advisories/mfsa2020-55/

https://www.mozilla.org/security/advisories/mfsa2020-56/

Details

Source: MITRE

Published: 2021-01-07

Updated: 2021-01-11

Type: CWE-787

Risk Information

CVSS v2.0

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3.0

Base Score: 8.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 2.8

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*

Tenable Plugins

View all (42 total)

IDNameProductFamilySeverity
147399NewStart CGSL CORE 5.04 / MAIN 5.04 : firefox Multiple Vulnerabilities (NS-SA-2021-0018)NessusNewStart CGSL Local Security Checks
high
147342NewStart CGSL MAIN 6.02 : thunderbird Multiple Vulnerabilities (NS-SA-2021-0091)NessusNewStart CGSL Local Security Checks
medium
147268NewStart CGSL MAIN 6.02 : firefox Multiple Vulnerabilities (NS-SA-2021-0089)NessusNewStart CGSL Local Security Checks
medium
145902CentOS 8 : firefox (CESA-2020:5562)NessusCentOS Local Security Checks
medium
145372openSUSE Security Update : MozillaFirefox (openSUSE-2020-2318)NessusSuSE Local Security Checks
medium
145362openSUSE Security Update : MozillaThunderbird (openSUSE-2020-2317)NessusSuSE Local Security Checks
medium
145332openSUSE Security Update : MozillaThunderbird (openSUSE-2020-2324)NessusSuSE Local Security Checks
medium
145294openSUSE Security Update : MozillaFirefox (openSUSE-2020-2325)NessusSuSE Local Security Checks
medium
145221Ubuntu 20.10 : Thunderbird vulnerabilities (USN-4701-1)NessusUbuntu Local Security Checks
high
144798Amazon Linux 2 : thunderbird (ALAS-2021-1586)NessusAmazon Linux Local Security Checks
high
144589GLSA-202012-20 : Mozilla Firefox, Mozilla Thunderbird: Multiple vulnerabilitiesNessusGentoo Local Security Checks
medium
144575SUSE SLES12 Security Update : MozillaFirefox (SUSE-SU-2020:3903-1)NessusSuSE Local Security Checks
medium
144571SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2020:3902-1)NessusSuSE Local Security Checks
medium
144547CentOS 7 : thunderbird (CESA-2020:5618)NessusCentOS Local Security Checks
medium
144532SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2020:3901-1)NessusSuSE Local Security Checks
medium
144512RHEL 8 : thunderbird (RHSA-2020:5644)NessusRed Hat Local Security Checks
high
144511RHEL 8 : thunderbird (RHSA-2020:5645)NessusRed Hat Local Security Checks
high
144457Oracle Linux 8 : ELSA-2020-5624-1: / thunderbird (ELSA-2020-56241)NessusOracle Linux Local Security Checks
medium
144447Oracle Linux 7 : ELSA-2020-5618-1: / thunderbird (ELSA-2020-56181)NessusOracle Linux Local Security Checks
medium
144439Debian DLA-2497-1 : thunderbird security updateNessusDebian Local Security Checks
medium
144426Debian DSA-4815-1 : thunderbird - security updateNessusDebian Local Security Checks
medium
144422RHEL 8 : firefox (RHSA-2020:5562)NessusRed Hat Local Security Checks
medium
144416RHEL 8 : thunderbird (RHSA-2020:5624)NessusRed Hat Local Security Checks
medium
144413RHEL 8 : thunderbird (RHSA-2020:5622)NessusRed Hat Local Security Checks
medium
144406RHEL 8 : firefox (RHSA-2020:5563)NessusRed Hat Local Security Checks
medium
144403RHEL 8 : firefox (RHSA-2020:5565)NessusRed Hat Local Security Checks
medium
144397RHEL 7 : firefox (RHSA-2020:5561)NessusRed Hat Local Security Checks
medium
144386RHEL 7 : thunderbird (RHSA-2020:5618)NessusRed Hat Local Security Checks
medium
144381RHEL 8 : firefox (RHSA-2020:5564)NessusRed Hat Local Security Checks
medium
144374Oracle Linux 8 : ELSA-2020-5562-1: / firefox (ELSA-2020-55621)NessusOracle Linux Local Security Checks
medium
144368Scientific Linux Security Update : thunderbird on SL7.x x86_64 (2020:5618)NessusScientific Linux Local Security Checks
medium
144367Scientific Linux Security Update : firefox on SL7.x i686/x86_64 (2020:5561)NessusScientific Linux Local Security Checks
medium
144353Debian DSA-4813-1 : firefox-esr - security updateNessusDebian Local Security Checks
medium
144350Debian DLA-2496-1 : firefox-esr security updateNessusDebian Local Security Checks
medium
144340Oracle Linux 7 : ELSA-2020-5561-1: / firefox (ELSA-2020-55611)NessusOracle Linux Local Security Checks
medium
144299Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 20.10 : Firefox vulnerabilities (USN-4671-1)NessusUbuntu Local Security Checks
high
144285Mozilla Thunderbird < 78.6NessusMacOS X Local Security Checks
medium
144284Mozilla Thunderbird < 78.6NessusWindows
medium
144283Mozilla Firefox < 84.0NessusMacOS X Local Security Checks
high
144282Mozilla Firefox < 84.0NessusWindows
high
144278Mozilla Firefox ESR < 78.6NessusWindows
medium
144277Mozilla Firefox ESR < 78.6NessusMacOS X Local Security Checks
medium