PT-2021-15635 · Mozilla+7 · Firefox+9

Alexis Beingessner

+3

·

Published

2021-02-23

·

Updated

2024-12-12

·

CVE-2021-23978

CVSS v3.1

8.8

High

VectorAV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 86 Thunderbird versions prior to 78.8 Firefox ESR versions prior to 78.8
Description: The issue is related to memory safety bugs present in certain versions of Firefox and Thunderbird, which could potentially be exploited to run arbitrary code due to evidence of memory corruption.
Recommendations: For Firefox versions prior to 86, update to version 86 or later. For Thunderbird versions prior to 78.8, update to version 78.8 or later. For Firefox ESR versions prior to 78.8, update to version 78.8 or later.

Exploit

Fix

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

ALT-PU-2021-1396
ALT-PU-2021-1399
ALT-PU-2021-1406
ALT-PU-2021-1410
ALT-PU-2021-1418
ALT-PU-2021-1428
ALT-PU-2021-1430
ALT-PU-2021-2725
ALT-PU-2021-2881
ALT-PU-2021-3368
ALT-PU-2021-3369
ALT-PU-2022-1781
ALT-PU-2022-1782
CESA-2021_0655
CESA-2021_0656
CESA-2021_0657
CESA-2021_0661
CVE-2021-23978
DLA-2575-1
DLA-2578-1
DSA-4862-1
DSA-4866-1
MGASA-2021-0096
MGASA-2021-0097
OESA-2023-1673
OESA-2023-1674
OPENSUSE-SU-2021:0373-1
OPENSUSE-SU-2021:0387-1
OPENSUSE-SU-2021_0373-1
OPENSUSE-SU-2021_0387-1
OPENSUSE-SU-2024:10600-1
OPENSUSE-SU-2024:10601-1
OPENSUSE-SU-2024:14572-1
RHSA-2021:0655
RHSA-2021:0656
RHSA-2021:0657
RHSA-2021:0658
RHSA-2021:0659
RHSA-2021:0660
RHSA-2021:0661
RHSA-2021:0662
RHSA-2021_0655
RHSA-2021_0656
RHSA-2021_0657
RHSA-2021_0661
SUSE-SU-2021:0659-1
SUSE-SU-2021:0661-1
SUSE-SU-2021:0667-1
SUSE-SU-2021:0676-1
SUSE-SU-2021:14657-1
SUSE-SU-2021_14657-1
USN-4756-1
USN-4936-1

Affected Products

Alt Linux
Astra Linux
Centos
Firefox
Firefox Esr
Linuxmint
Red Hat
Suse
Thunderbird
Ubuntu