PT-2021-2748 · Mozilla+7 · Firefox+9

Christian Holler

·

Published

2021-04-19

·

Updated

2024-12-12

·

CVE-2021-29945

CVSS v3.1

6.5

Medium

VectorAV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 88 Firefox ESR versions prior to 78.10 Thunderbird versions prior to 78.10
Description: The issue is related to incorrect calculations in the WebAssembly JIT component of the affected software, which could lead to a crash due to a null read. This problem specifically affects x86-32 platforms, while other platforms are not affected.
Recommendations: For Firefox versions prior to 88, update to version 88 or later. For Firefox ESR versions prior to 78.10, update to version 78.10 or later. For Thunderbird versions prior to 78.10, update to version 78.10 or later.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-682

Related Identifiers

ALT-PU-2021-1676
ALT-PU-2021-1687
ALT-PU-2021-1701
ALT-PU-2021-1718
ALT-PU-2021-1804
ALT-PU-2021-1886
ALT-PU-2021-1892
ALT-PU-2021-2725
ALT-PU-2021-2881
ALT-PU-2021-3368
ALT-PU-2021-3369
ALT-PU-2022-1781
ALT-PU-2022-1782
BDU:2021-02284
CESA-2021_1353
CESA-2021_1360
CVE-2021-29945
DLA-2632-1
DLA-2633-1
DSA-4895-1
DSA-4897-1
MGASA-2021-0198
MGASA-2021-0199
OESA-2023-1673
OESA-2023-1674
OPENSUSE-SU-2021:0621-1
OPENSUSE-SU-2021:0644-1
OPENSUSE-SU-2021_0621-1
OPENSUSE-SU-2021_0644-1
OPENSUSE-SU-2024:10600-1
OPENSUSE-SU-2024:10601-1
OPENSUSE-SU-2024:14572-1
RHSA-2021:1350
RHSA-2021:1351
RHSA-2021:1352
RHSA-2021:1353
RHSA-2021:1360
RHSA-2021:1361
RHSA-2021:1362
RHSA-2021:1363
RHSA-2021_1350
RHSA-2021_1353
RHSA-2021_1360
RHSA-2021_1363
SUSE-SU-2021:1307-1
SUSE-SU-2021:1325-1
SUSE-SU-2021:1432-1
SUSE-SU-2021:1433-1
SUSE-SU-2021:14708-1
SUSE-SU-2021_14708-1
USN-4926-1
USN-4995-1
USN-4995-2

Affected Products

Alt Linux
Astra Linux
Centos
Firefox
Firefox Esr
Linuxmint
Red Hat
Suse
Thunderbird
Ubuntu