Search for vulnerabilities
Vulnerability details: VCID-kvrc-hr7g-aaam
Vulnerability ID VCID-kvrc-hr7g-aaam
Aliases CVE-2020-26971
Summary Certain blit values provided by the user were not properly constrained leading to a heap buffer overflow on some video drivers. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.
Status Published
Exploitability 0.5
Weighted Severity 9.0
Risk 4.5
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-787 Out-of-bounds Write
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
System Score Found at
generic_textual Medium http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-26971.html
rhas Important https://access.redhat.com/errata/RHSA-2020:5561
rhas Important https://access.redhat.com/errata/RHSA-2020:5562
rhas Important https://access.redhat.com/errata/RHSA-2020:5563
rhas Important https://access.redhat.com/errata/RHSA-2020:5564
rhas Important https://access.redhat.com/errata/RHSA-2020:5565
rhas Important https://access.redhat.com/errata/RHSA-2020:5618
rhas Important https://access.redhat.com/errata/RHSA-2020:5622
rhas Important https://access.redhat.com/errata/RHSA-2020:5624
rhas Important https://access.redhat.com/errata/RHSA-2020:5644
rhas Important https://access.redhat.com/errata/RHSA-2020:5645
cvssv3 8.8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-26971.json
epss 0.00304 https://api.first.org/data/v1/epss?cve=CVE-2020-26971
epss 0.00419 https://api.first.org/data/v1/epss?cve=CVE-2020-26971
epss 0.00419 https://api.first.org/data/v1/epss?cve=CVE-2020-26971
epss 0.00419 https://api.first.org/data/v1/epss?cve=CVE-2020-26971
epss 0.00419 https://api.first.org/data/v1/epss?cve=CVE-2020-26971
epss 0.00419 https://api.first.org/data/v1/epss?cve=CVE-2020-26971
epss 0.00419 https://api.first.org/data/v1/epss?cve=CVE-2020-26971
epss 0.00419 https://api.first.org/data/v1/epss?cve=CVE-2020-26971
epss 0.00419 https://api.first.org/data/v1/epss?cve=CVE-2020-26971
epss 0.00419 https://api.first.org/data/v1/epss?cve=CVE-2020-26971
epss 0.00419 https://api.first.org/data/v1/epss?cve=CVE-2020-26971
epss 0.00419 https://api.first.org/data/v1/epss?cve=CVE-2020-26971
epss 0.00419 https://api.first.org/data/v1/epss?cve=CVE-2020-26971
epss 0.00419 https://api.first.org/data/v1/epss?cve=CVE-2020-26971
epss 0.00419 https://api.first.org/data/v1/epss?cve=CVE-2020-26971
epss 0.00583 https://api.first.org/data/v1/epss?cve=CVE-2020-26971
epss 0.00583 https://api.first.org/data/v1/epss?cve=CVE-2020-26971
epss 0.00583 https://api.first.org/data/v1/epss?cve=CVE-2020-26971
epss 0.00583 https://api.first.org/data/v1/epss?cve=CVE-2020-26971
epss 0.00583 https://api.first.org/data/v1/epss?cve=CVE-2020-26971
epss 0.00583 https://api.first.org/data/v1/epss?cve=CVE-2020-26971
epss 0.00583 https://api.first.org/data/v1/epss?cve=CVE-2020-26971
epss 0.00583 https://api.first.org/data/v1/epss?cve=CVE-2020-26971
epss 0.00583 https://api.first.org/data/v1/epss?cve=CVE-2020-26971
epss 0.00583 https://api.first.org/data/v1/epss?cve=CVE-2020-26971
epss 0.00583 https://api.first.org/data/v1/epss?cve=CVE-2020-26971
epss 0.00583 https://api.first.org/data/v1/epss?cve=CVE-2020-26971
epss 0.00583 https://api.first.org/data/v1/epss?cve=CVE-2020-26971
epss 0.00583 https://api.first.org/data/v1/epss?cve=CVE-2020-26971
epss 0.00583 https://api.first.org/data/v1/epss?cve=CVE-2020-26971
epss 0.00583 https://api.first.org/data/v1/epss?cve=CVE-2020-26971
epss 0.00583 https://api.first.org/data/v1/epss?cve=CVE-2020-26971
epss 0.00583 https://api.first.org/data/v1/epss?cve=CVE-2020-26971
epss 0.00583 https://api.first.org/data/v1/epss?cve=CVE-2020-26971
epss 0.00583 https://api.first.org/data/v1/epss?cve=CVE-2020-26971
epss 0.00583 https://api.first.org/data/v1/epss?cve=CVE-2020-26971
epss 0.00583 https://api.first.org/data/v1/epss?cve=CVE-2020-26971
epss 0.00583 https://api.first.org/data/v1/epss?cve=CVE-2020-26971
epss 0.00583 https://api.first.org/data/v1/epss?cve=CVE-2020-26971
epss 0.00583 https://api.first.org/data/v1/epss?cve=CVE-2020-26971
epss 0.00583 https://api.first.org/data/v1/epss?cve=CVE-2020-26971
epss 0.00583 https://api.first.org/data/v1/epss?cve=CVE-2020-26971
epss 0.00583 https://api.first.org/data/v1/epss?cve=CVE-2020-26971
epss 0.00583 https://api.first.org/data/v1/epss?cve=CVE-2020-26971
epss 0.00583 https://api.first.org/data/v1/epss?cve=CVE-2020-26971
epss 0.00583 https://api.first.org/data/v1/epss?cve=CVE-2020-26971
epss 0.00583 https://api.first.org/data/v1/epss?cve=CVE-2020-26971
epss 0.00583 https://api.first.org/data/v1/epss?cve=CVE-2020-26971
epss 0.00583 https://api.first.org/data/v1/epss?cve=CVE-2020-26971
epss 0.00583 https://api.first.org/data/v1/epss?cve=CVE-2020-26971
epss 0.00583 https://api.first.org/data/v1/epss?cve=CVE-2020-26971
epss 0.00583 https://api.first.org/data/v1/epss?cve=CVE-2020-26971
epss 0.00583 https://api.first.org/data/v1/epss?cve=CVE-2020-26971
epss 0.00583 https://api.first.org/data/v1/epss?cve=CVE-2020-26971
epss 0.00583 https://api.first.org/data/v1/epss?cve=CVE-2020-26971
epss 0.00583 https://api.first.org/data/v1/epss?cve=CVE-2020-26971
epss 0.00583 https://api.first.org/data/v1/epss?cve=CVE-2020-26971
epss 0.00583 https://api.first.org/data/v1/epss?cve=CVE-2020-26971
epss 0.00583 https://api.first.org/data/v1/epss?cve=CVE-2020-26971
epss 0.00583 https://api.first.org/data/v1/epss?cve=CVE-2020-26971
epss 0.00583 https://api.first.org/data/v1/epss?cve=CVE-2020-26971
epss 0.00583 https://api.first.org/data/v1/epss?cve=CVE-2020-26971
epss 0.00583 https://api.first.org/data/v1/epss?cve=CVE-2020-26971
epss 0.00583 https://api.first.org/data/v1/epss?cve=CVE-2020-26971
epss 0.00583 https://api.first.org/data/v1/epss?cve=CVE-2020-26971
epss 0.00583 https://api.first.org/data/v1/epss?cve=CVE-2020-26971
epss 0.00583 https://api.first.org/data/v1/epss?cve=CVE-2020-26971
epss 0.00583 https://api.first.org/data/v1/epss?cve=CVE-2020-26971
epss 0.00583 https://api.first.org/data/v1/epss?cve=CVE-2020-26971
epss 0.00583 https://api.first.org/data/v1/epss?cve=CVE-2020-26971
epss 0.00583 https://api.first.org/data/v1/epss?cve=CVE-2020-26971
epss 0.00583 https://api.first.org/data/v1/epss?cve=CVE-2020-26971
epss 0.00583 https://api.first.org/data/v1/epss?cve=CVE-2020-26971
epss 0.00583 https://api.first.org/data/v1/epss?cve=CVE-2020-26971
epss 0.00583 https://api.first.org/data/v1/epss?cve=CVE-2020-26971
epss 0.00583 https://api.first.org/data/v1/epss?cve=CVE-2020-26971
epss 0.00583 https://api.first.org/data/v1/epss?cve=CVE-2020-26971
epss 0.00583 https://api.first.org/data/v1/epss?cve=CVE-2020-26971
epss 0.00583 https://api.first.org/data/v1/epss?cve=CVE-2020-26971
epss 0.00583 https://api.first.org/data/v1/epss?cve=CVE-2020-26971
epss 0.00583 https://api.first.org/data/v1/epss?cve=CVE-2020-26971
epss 0.00583 https://api.first.org/data/v1/epss?cve=CVE-2020-26971
epss 0.00583 https://api.first.org/data/v1/epss?cve=CVE-2020-26971
epss 0.00874 https://api.first.org/data/v1/epss?cve=CVE-2020-26971
epss 0.02003 https://api.first.org/data/v1/epss?cve=CVE-2020-26971
rhbs high https://bugzilla.redhat.com/show_bug.cgi?id=1908022
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16042
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26971
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26973
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26974
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26978
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35111
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35113
cvssv3.1 7.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv2 6.8 https://nvd.nist.gov/vuln/detail/CVE-2020-26971
cvssv3 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-26971
cvssv3.1 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-26971
archlinux High https://security.archlinux.org/AVG-1315
archlinux High https://security.archlinux.org/AVG-1362
generic_textual Medium https://ubuntu.com/security/notices/USN-4671-1
generic_textual Medium https://ubuntu.com/security/notices/USN-4701-1
generic_textual critical https://www.mozilla.org/en-US/security/advisories/mfsa2020-54
generic_textual Medium https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-26971
generic_textual critical https://www.mozilla.org/en-US/security/advisories/mfsa2020-55
generic_textual critical https://www.mozilla.org/en-US/security/advisories/mfsa2020-56
generic_textual Medium https://www.mozilla.org/en-US/security/advisories/mfsa2020-56/#CVE-2020-26971
Reference id Reference type URL
http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-26971.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-26971.json
https://api.first.org/data/v1/epss?cve=CVE-2020-26971
https://bugzilla.mozilla.org/show_bug.cgi?id=1663466
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16042
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26971
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26973
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26974
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26978
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35111
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35113
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://ubuntu.com/security/notices/USN-4671-1
https://ubuntu.com/security/notices/USN-4701-1
https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-26971
https://www.mozilla.org/en-US/security/advisories/mfsa2020-56/#CVE-2020-26971
https://www.mozilla.org/security/advisories/mfsa2020-54/
https://www.mozilla.org/security/advisories/mfsa2020-55/
https://www.mozilla.org/security/advisories/mfsa2020-56/
1908022 https://bugzilla.redhat.com/show_bug.cgi?id=1908022
ASA-202012-23 https://security.archlinux.org/ASA-202012-23
ASA-202012-25 https://security.archlinux.org/ASA-202012-25
AVG-1315 https://security.archlinux.org/AVG-1315
AVG-1362 https://security.archlinux.org/AVG-1362
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
CVE-2020-26971 https://nvd.nist.gov/vuln/detail/CVE-2020-26971
GLSA-202012-20 https://security.gentoo.org/glsa/202012-20
mfsa2020-54 https://www.mozilla.org/en-US/security/advisories/mfsa2020-54
mfsa2020-55 https://www.mozilla.org/en-US/security/advisories/mfsa2020-55
mfsa2020-56 https://www.mozilla.org/en-US/security/advisories/mfsa2020-56
RHSA-2020:5561 https://access.redhat.com/errata/RHSA-2020:5561
RHSA-2020:5562 https://access.redhat.com/errata/RHSA-2020:5562
RHSA-2020:5563 https://access.redhat.com/errata/RHSA-2020:5563
RHSA-2020:5564 https://access.redhat.com/errata/RHSA-2020:5564
RHSA-2020:5565 https://access.redhat.com/errata/RHSA-2020:5565
RHSA-2020:5618 https://access.redhat.com/errata/RHSA-2020:5618
RHSA-2020:5622 https://access.redhat.com/errata/RHSA-2020:5622
RHSA-2020:5624 https://access.redhat.com/errata/RHSA-2020:5624
RHSA-2020:5644 https://access.redhat.com/errata/RHSA-2020:5644
RHSA-2020:5645 https://access.redhat.com/errata/RHSA-2020:5645
USN-4671-1 https://usn.ubuntu.com/4671-1/
USN-4701-1 https://usn.ubuntu.com/4701-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-26971.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2020-26971
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2020-26971
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2020-26971
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.70226
EPSS Score 0.00304
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.