ALAS2-2021-1632 --- thunderbirdID: oval:org.secpod.oval:def:1700604 | Date: (C)2021-04-28 (M)2023-12-20 |
Class: PATCH | Family: unix |
The Mozilla Foundation Security Advisory describes this issue as:A texture upload of a Pixel Buffer Object could have confused the WebGL code to skip binding the buffer used to unpack it, resulting in memory corruption and a potentially exploitable information leak or crash. Using techniques that built on the slipstream research, a malicious webpage could have scanned both an internal network"s hosts as well as services running on the user"s local machine utilizing WebRTC connections. This vulnerability affects Firefox ESR CVE-2021-23982 (CVE-2021-23984 (CVE-2021-23987