MGASA-2020-0163

Source
https://advisories.mageia.org/MGASA-2020-0163.html
Import Source
https://advisories.mageia.org/MGASA-2020-0163.json
JSON Data
https://api.test.osv.dev/v1/vulns/MGASA-2020-0163
Published
2020-04-08T17:12:00Z
Modified
2026-03-25T17:59:09.565909Z
Summary
Updated firefox packages fix security vulnerabilities
Details

Updated firefox packages fix security vulnerabilities:

When reading from areas partially or fully outside the source resource with WebGL's copyTexSubImage method, the specification requires the returned values be zero. Previously, this memory was uninitialized, leading to potentially sensitive data disclosure (CVE-2020-6821).

On 32-bit builds, an out of bounds write could have occurred when processing an image larger than 4 GB in GMPDecodeData. It is possible that with enough effort this could have been exploited to run arbitrary code (CVE-2020-6822).

Mozilla developers Tyson Smith and Christian Holler reported memory safety bugs present in Firefox 74 and Firefox ESR 68.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code (CVE-2020-6825).

Affected packages

Mageia:7 / firefox

Package

Name
firefox
Purl
pkg:rpm/mageia/firefox?arch=source&distro=mageia-7

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
68.7.0-1.mga7

Ecosystem specific

{
    "section": "core"
}

Database specific

source
"https://advisories.mageia.org/MGASA-2020-0163.json"

Mageia:7 / firefox-l10n

Package

Name
firefox-l10n
Purl
pkg:rpm/mageia/firefox-l10n?arch=source&distro=mageia-7

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
68.7.0-1.mga7

Ecosystem specific

{
    "section": "core"
}

Database specific

source
"https://advisories.mageia.org/MGASA-2020-0163.json"