
====================================================================

                             CERT-Renater

                 Information Note No. 2021/VULN081
_____________________________________________________________________

DATE                : 09/02/2021

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S):  Systems running Firefox versions prior to 85.0.1 and
                      Firefox ESR versions prior to 78.7.1.

=====================================================================
https://www.mozilla.org/en-US/security/advisories/mfsa2021-06/
_____________________________________________________________________


Mozilla Foundation Security Advisory 2021-06
Security Vulnerabilities fixed in Firefox 85.0.1 and Firefox ESR 78.7.1

Announced        February 5, 2021
Impact           critical
Products         Firefox, Firefox ESR
Fixed in
        Firefox 85.0.1
        Firefox ESR 78.7.1

#MOZ-2021-0001: Buffer overflow in depth pitch calculations for
compressed textures

Reporter         Abraruddin Khan and Omair working with Trend Micro Zero
                   Day Initiative
Impact           critical

Description

In the Angle graphics library, depth pitch computations did not take
into account the block size and simply multiplied the row pitch with the
pixel height. This caused the load functions to use a very high depth
pitch, reading past the end of the user-supplied buffer.

Note: This issue only affected Windows operating systems. Other
operating systems are unaffected.


This issue has been assigned a temporary identifier, pending assignment
of a CVE.
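
The arithmetic described above, as an added example that is not code from ANGLE, Mozilla or CERT-Renater: it contrasts a depth pitch computed from the pixel height with one computed from the number of block rows, then checks each against the caller's buffer length. All type and function names are hypothetical, and the 4x4-pixel, 8-byte block format and 64x64 texture are constructed sample values.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical block-compressed format descriptor (block_w, block_h > 0). */
typedef struct {
    uint32_t block_w;     /* pixels per block, horizontally */
    uint32_t block_h;     /* pixels per block, vertically */
    uint32_t block_bytes; /* bytes per compressed block */
} block_format;

/* Bytes in one row of blocks; false if the product would overflow. */
static bool row_pitch(const block_format *f, uint32_t width, size_t *out) {
    size_t blocks_x = ((size_t)width + f->block_w - 1) / f->block_w;
    if (f->block_bytes != 0 && blocks_x > SIZE_MAX / f->block_bytes) return false;
    *out = blocks_x * f->block_bytes;
    return true;
}

/* Flawed form from the description: row pitch times pixel height. */
static size_t depth_pitch_naive(size_t row_pitch_bytes, uint32_t height) {
    return row_pitch_bytes * height;
}

/* Block-aware form: row pitch times the number of block rows. */
static bool depth_pitch_blocks(const block_format *f, size_t row_pitch_bytes,
                               uint32_t height, size_t *out) {
    size_t blocks_y = ((size_t)height + f->block_h - 1) / f->block_h;
    if (row_pitch_bytes != 0 && blocks_y > SIZE_MAX / row_pitch_bytes) return false;
    *out = blocks_y * row_pitch_bytes;
    return true;
}

/* Defensive check before a load: do `depth` slices fit in buf_len bytes? */
static bool slices_fit(size_t depth_pitch, uint32_t depth, size_t buf_len) {
    if (depth_pitch == 0 || depth == 0) return true;
    return depth <= buf_len / depth_pitch; /* division avoids overflow */
}

int main(void) {
    block_format f = {4, 4, 8};            /* constructed sample format */
    size_t rp = 0, dp = 0, buf_len = 4096; /* 2 slices of a 64x64 texture */
    if (!row_pitch(&f, 64, &rp) || !depth_pitch_blocks(&f, rp, 64, &dp)) return 1;
    size_t bad = depth_pitch_naive(rp, 64);
    printf("block-aware pitch=%zu fits=%d\n", dp, slices_fit(dp, 2, buf_len));
    printf("naive pitch=%zu fits=%d\n", bad, slices_fit(bad, 2, buf_len));
    return 0;
}
```

With these sample values the pixel-height form yields a depth pitch four times the real slice size, so the second slice would start beyond the end of a correctly sized buffer.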


References

    Bug 1676636

=========================================================
+ CERT-RENATER       |    tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel   |    fax : 01-53-94-20-41          +
+ 75013 Paris        |    email:cert@support.renater.fr +
=========================================================


