PT-2021-2605 · Mozilla+7 · Firefox+9

Alexis Beingessner

+9

·

Published

2021-01-26

·

Updated

2024-12-12

·

CVE-2021-23964

CVSS v2.0

10

High

VectorAV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 85 Firefox ESR versions prior to 78.7 Thunderbird versions prior to 78.7
Description The issue is related to memory safety bugs, including evidence of memory corruption, which could potentially be exploited to run arbitrary code with enough effort. It is also described as a buffer overflow vulnerability in memory, allowing a remote attacker to execute arbitrary code.
Recommendations For Firefox versions prior to 85, update to version 85 or later. For Firefox ESR versions prior to 78.7, update to version 78.7 or later. For Thunderbird versions prior to 78.7, update to version 78.7 or later.

Exploit

Fix

Buffer Overflow

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-119CWE-787

Related Identifiers

ALT-PU-2021-1158
ALT-PU-2021-1160
ALT-PU-2021-1162
ALT-PU-2021-1199
ALT-PU-2021-1200
ALT-PU-2021-1368
ALT-PU-2021-1369
ALT-PU-2021-2725
ALT-PU-2021-2881
ALT-PU-2021-3368
ALT-PU-2021-3369
ALT-PU-2022-1781
ALT-PU-2022-1782
BDU:2021-02088
CESA-2021_0288
CESA-2021_0298
CVE-2021-23964
DLA-2539-1
DLA-2541-1
DSA-4840-1
DSA-4842-1
MGASA-2021-0065
MGASA-2021-0066
OESA-2023-1673
OESA-2023-1674
OPENSUSE-SU-2021:0208-1
OPENSUSE-SU-2021:0209-1
OPENSUSE-SU-2021:0222-1
OPENSUSE-SU-2021:0223-1
OPENSUSE-SU-2021_0208-1
OPENSUSE-SU-2021_0209-1
OPENSUSE-SU-2021_0222-1
OPENSUSE-SU-2021_0223-1
OPENSUSE-SU-2024:10600-1
OPENSUSE-SU-2024:10601-1
OPENSUSE-SU-2024:14572-1
RHSA-2021:0285
RHSA-2021:0288
RHSA-2021:0289
RHSA-2021:0290
RHSA-2021:0297
RHSA-2021:0298
RHSA-2021:0299
RHSA-2021:0397
RHSA-2021_0288
RHSA-2021_0290
RHSA-2021_0297
RHSA-2021_0298
SUSE-SU-2021:0241-1
SUSE-SU-2021:0245-1
SUSE-SU-2021:0246-1
SUSE-SU-2021:0257-1
SUSE-SU-2021:0259-1
SUSE-SU-2021:14609-1
SUSE-SU-2021_14609-1
USN-4717-1
USN-4717-2
USN-4736-1

Affected Products

Alt Linux
Astra Linux
Centos
Firefox
Firefox Esr
Linuxmint
Red Hat
Suse
Thunderbird
Ubuntu