PT-2021-2743 · Mozilla+7 · Firefox+9

Abraruddin Khan

+1

·

Published

2021-04-19

·

Updated

2024-12-12

·

CVE-2021-23994

CVSS v2.0

10

High

VectorAV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Firefox ESR versions prior to 78.10 Thunderbird versions prior to 78.10 Firefox versions prior to 88
Description: The issue is related to a WebGL component, specifically a framebuffer that was not initialized early enough, resulting in memory corruption and an out of bounds write. This can lead to arbitrary code execution by a remote attacker.
Recommendations: For Firefox ESR versions prior to 78.10, update to version 78.10 or later. For Thunderbird versions prior to 78.10, update to version 78.10 or later. For Firefox versions prior to 88, update to version 88 or later.

Exploit

Fix

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-909CWE-787

Related Identifiers

ALT-PU-2021-1676
ALT-PU-2021-1687
ALT-PU-2021-1701
ALT-PU-2021-1718
ALT-PU-2021-1804
ALT-PU-2021-1886
ALT-PU-2021-1892
ALT-PU-2021-2725
ALT-PU-2021-2881
ALT-PU-2021-3368
ALT-PU-2021-3369
ALT-PU-2022-1781
ALT-PU-2022-1782
BDU:2021-02279
CESA-2021_1353
CESA-2021_1360
CVE-2021-23994
DLA-2632-1
DLA-2633-1
DSA-4895-1
DSA-4897-1
MGASA-2021-0198
MGASA-2021-0199
OESA-2023-1673
OESA-2023-1674
OPENSUSE-SU-2021:0621-1
OPENSUSE-SU-2021:0644-1
OPENSUSE-SU-2021_0621-1
OPENSUSE-SU-2021_0644-1
OPENSUSE-SU-2024:10600-1
OPENSUSE-SU-2024:10601-1
OPENSUSE-SU-2024:14572-1
RHSA-2021:1350
RHSA-2021:1351
RHSA-2021:1352
RHSA-2021:1353
RHSA-2021:1360
RHSA-2021:1361
RHSA-2021:1362
RHSA-2021:1363
RHSA-2021_1350
RHSA-2021_1353
RHSA-2021_1360
RHSA-2021_1363
SUSE-SU-2021:1307-1
SUSE-SU-2021:1325-1
SUSE-SU-2021:1432-1
SUSE-SU-2021:1433-1
SUSE-SU-2021:14708-1
SUSE-SU-2021_14708-1
USN-4926-1
USN-4995-1
USN-4995-2

Affected Products

Alt Linux
Astra Linux
Centos
Firefox
Firefox Esr
Linuxmint
Red Hat
Suse
Thunderbird
Ubuntu