Mozilla Foundation Security Advisory 2021-06

Security Vulnerabilities fixed in Firefox 85.0.1 and Firefox ESR 78.7.1

Announced

February 5, 2021

Impact

critical

Products

Firefox, Firefox ESR

Fixed in

Firefox 85.0.1
Firefox ESR 78.7.1

#CVE-2020-16048: Buffer overflow in depth pitch calculations for compressed textures

Reporter: Abraruddin Khan and Omair working with Trend Micro Zero Day Initiative
Impact: critical

Description

In the Angle graphics library, depth pitch computations did not take into account the block size and simply multiplied the row pitch with the pixel height. This caused the load functions to use a very high depth pitch, reading past the end of the user-supplied buffer.
Note: This issue only affected Windows operating systems. Other operating systems are unaffected.

References

Bug 1676636

Firefox for Desktop

Firefox for Android

Firefox for iOS

Firefox Focus

Firefox Blog

Release Notes

Mozilla Monitor

Facebook Container

Pocket

Mozilla VPN

Firefox Relay

MDN Plus

Fakespot

Mozilla Manifesto

Mozilla Foundation

Leadership

Get involved

Careers

Mozilla Blog

Impact

Firefox Developer Edition

MDN Web Docs

Mozilla Innovation Projects

Common Voice