CVE-2021-23981

Summary

A texture upload of a Pixel Buffer Object could have confused the WebGL code to skip binding the buffer used to unpack it, resulting in memory corruption and a potentially exploitable information leak or crash. This vulnerability affects Firefox ESR < 78.9, Firefox < 87, and Thunderbird < 78.9.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefox ESRunspecified < 78.9affected
MozillaFirefoxunspecified < 87affected
MozillaThunderbirdunspecified < 78.9affected

Weaknesses

  • Texture upload into an unbound backing buffer resulted in an out-of-bound read

ADP Enrichment

CVE Program Container

Additional References

References