CVE-2021-23981

{"id": "CVE-2021-23981", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 2.8}]}, "published": "2021-03-31T14:15:18.907", "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1692832", "tags": ["Issue Tracking"], "source": "security@mozilla.org"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2021-10/", "tags": ["Vendor Advisory"], "source": "security@mozilla.org"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2021-11/", "tags": ["Vendor Advisory"], "source": "security@mozilla.org"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2021-12/", "tags": ["Vendor Advisory"], "source": "security@mozilla.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "A texture upload of a Pixel Buffer Object could have confused the WebGL code to skip binding the buffer used to unpack it, resulting in memory corruption and a potentially exploitable information leak or crash. This vulnerability affects Firefox ESR < 78.9, Firefox < 87, and Thunderbird < 78.9."}, {"lang": "es", "value": "Una carga de textura de un Objeto de B\u00fafer de P\u00edxeles podr\u00eda haber confundido el c\u00f3digo WebGL para omitir el enlace del b\u00fafer usado para descomprimirlo, resultando en la corrupci\u00f3n de la memoria y una filtraci\u00f3n o bloqueo de informaci\u00f3n potencialmente explotable. Esta vulnerabilidad afecta a Firefox ESR versi\u00f3n 78.9, Firefox versiones anteriores a 87, and Thunderbird versiones anteriores a 78.9."}], "lastModified": "2022-05-03T16:04:40.443", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3533FF74-0FD6-447B-9C37-D491D18EA529", "versionEndExcluding": "87.0"}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "907D294D-2667-4A67-A4B7-2DDE46BE592D", "versionEndExcluding": "78.9"}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AB6DE7E3-8F1B-4525-8992-FCDC7CC063D3", "versionEndExcluding": "78.9"}], "operator": "OR"}]}], "sourceIdentifier": "security@mozilla.org"}