SB20200407122 - Out-of-bounds read in firefox-esr (Alpine package)
Published: April 7, 2020
Description
This security bulletin contains information about 1 security vulnerability.
1) Out-of-bounds read (CVE-ID: CVE-2020-6821)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when using the WebGL copyTexSubImage method. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger an out-of-bounds read error and read the contents of uninitialized memory on the system.
Remediation
Install the update from the vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=174183ffc582462ae8eaf468da032a6642e140c4
- https://git.alpinelinux.org/aports/commit/?id=9e2f5a5133c02cac8537d753874de3c9ba0ad559
- https://git.alpinelinux.org/aports/commit/?id=cd10d6d99b0bd648c2c7d300f927db55bbc1cf03
- https://git.alpinelinux.org/aports/commit/?id=e59828690fd9f113c4135307defdd4de09b962ad
- https://git.alpinelinux.org/aports/commit/?id=3f24b0ed71ac2a532796e4f065c755d1e92a6858