PT-2021-3202 · Mozilla+2 · Firefox+4

Ronald Crane · Published 2021-06-02 · Updated 2024-12-12 · CVE-2021-29964

CVSS v3.1: 7.1 (High)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Name of the Vulnerable Software and Affected Versions

Firefox versions prior to 89
Firefox ESR versions prior to 78.11
Thunderbird versions prior to 78.11

Description

A locally-installed hostile program could send WM_COPYDATA messages that would be processed incorrectly, leading to an out-of-bounds read. This issue affects only Firefox on Windows; other operating systems are unaffected. The vulnerability allows an attacker to access confidential information using a specially crafted message.

Recommendations

For Firefox versions prior to 89, update to version 89 or later.
For Firefox ESR versions prior to 78.11, update to version 78.11 or later.
For Thunderbird versions prior to 78.11, update to version 78.11 or later.

Exploit

Fix

Out of bounds Read


Weakness Enumeration

Related Identifiers

ALT-PU-2021-1908
ALT-PU-2021-1919
ALT-PU-2021-1923
ALT-PU-2021-1958
ALT-PU-2021-1968
ALT-PU-2021-1976
ALT-PU-2021-1977
ALT-PU-2021-3368
ALT-PU-2022-1782
BDU:2021-02898
CVE-2021-29964
MGASA-2021-0242
OPENSUSE-SU-2021:0858-1
OPENSUSE-SU-2021:0910-1
OPENSUSE-SU-2021:1884-1
OPENSUSE-SU-2021:2003-1
OPENSUSE-SU-2021_0858-1
OPENSUSE-SU-2021_0910-1
OPENSUSE-SU-2021_1884-1
OPENSUSE-SU-2021_2003-1
OPENSUSE-SU-2024:10600-1
OPENSUSE-SU-2024:10601-1
OPENSUSE-SU-2024:14572-1
SUSE-SU-2021:14743-1
SUSE-SU-2021:1884-1
SUSE-SU-2021:1886-1
SUSE-SU-2021:1919-1
SUSE-SU-2021:2003-1
SUSE-SU-2021_14743-1

Affected Products

ALT Linux
Firefox
Firefox ESR
SUSE
Thunderbird