Mozilla Foundation Security Advisory 2021-06

Security Vulnerabilities fixed in Firefox 85.0.1 and Firefox ESR 78.7.1

Announced: February 5, 2021
Impact: critical
Products: Firefox, Firefox ESR
Fixed in:
  • Firefox 85.0.1
  • Firefox ESR 78.7.1

CVE-2020-16048: Buffer overflow in depth pitch calculations for compressed textures

Reporter: Abraruddin Khan and Omair working with Trend Micro Zero Day Initiative
Impact: critical

Description

In the ANGLE graphics library, depth pitch computations did not take the block size into account and simply multiplied the row pitch by the pixel height. As a result, the load functions used a very high depth pitch and read past the end of the user-supplied buffer.

Note: This issue only affected Windows operating systems. Other operating systems are unaffected.
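The arithmetic behind the description, as an added example that is not ANGLE or Mozilla code: it compares a depth pitch taken from pixel height with one taken from block rows, and adds a bounds check a loader can apply before reading a slice. All type and function names are hypothetical, and the sample format (4x4 blocks, 8 bytes per block, as in DXT1/BC1) and texture size are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical description of a block-compressed format (not ANGLE's types). */
struct block_format { size_t block_w, block_h, bytes_per_block; };

/* Constructed sample: 4x4 pixel blocks, 8 bytes per block (as in DXT1/BC1). */
static const struct block_format SAMPLE_FMT = {4, 4, 8};

static size_t div_ceil(size_t a, size_t b) { return (a + b - 1) / b; }

/* Bytes in one row of blocks. */
size_t row_pitch(const struct block_format *f, size_t width) {
    return div_ceil(width, f->block_w) * f->bytes_per_block;
}

/* Form described in the advisory: row pitch times pixel height. */
size_t depth_pitch_flawed(const struct block_format *f, size_t w, size_t h) {
    return row_pitch(f, w) * h;
}

/* Block-aware form: row pitch times the number of block rows. */
size_t depth_pitch_block_aware(const struct block_format *f, size_t w, size_t h) {
    return row_pitch(f, w) * div_ceil(h, f->block_h);
}

/* Returns 1 only if slice z (slice_bytes long) lies inside the buffer. */
int slice_in_bounds(size_t buf_size, size_t depth_pitch, size_t z,
                    size_t slice_bytes) {
    if (depth_pitch != 0 && z > SIZE_MAX / depth_pitch)
        return 0; /* z * depth_pitch would wrap around */
    size_t off = z * depth_pitch;
    return off <= buf_size && slice_bytes <= buf_size - off;
}

int main(void) {
    size_t w = 64, h = 64, depth = 4;
    size_t good = depth_pitch_block_aware(&SAMPLE_FMT, w, h);
    size_t bad = depth_pitch_flawed(&SAMPLE_FMT, w, h);
    size_t buf = good * depth; /* bytes the caller actually supplied */
    printf("block-aware pitch=%zu flawed pitch=%zu buffer=%zu\n", good, bad, buf);
    for (size_t z = 0; z < depth; z++)
        printf("slice %zu: block-aware in bounds=%d, flawed in bounds=%d\n", z,
               slice_in_bounds(buf, good, z, good),
               slice_in_bounds(buf, bad, z, good));
    return 0;
}
```

With the pixel-height pitch, every slice after the first starts at or beyond the end of the supplied buffer, which is the over-read the advisory describes.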
