PT-2021-3560 · Mozilla+8 · Firefox+10
Irvan Kurniawan
Published 2021-07-13 · Updated 2025-04-03
CVE-2021-29970
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Thunderbird versions prior to 78.12
Firefox ESR versions prior to 78.12
Firefox versions prior to 90
Description
A malicious webpage could trigger a use-after-free, memory corruption, and a potentially exploitable crash. This issue could only be triggered when accessibility was enabled. The vulnerability allows a remote attacker to potentially execute arbitrary code.
Recommendations
For Thunderbird versions prior to 78.12, update to version 78.12 or later.
For Firefox ESR versions prior to 78.12, update to version 78.12 or later.
For Firefox versions prior to 90, update to version 90 or later.
As a temporary workaround, consider disabling accessibility features until a patch is available.
Exploit
Fix
Use After Free
Memory Corruption
Related Identifiers
Affected Products
ALT Linux
Astra Linux
CentOS
Firefox
Firefox ESR
Linux Mint
Red Hat
Rocky Linux
SUSE
Thunderbird
Ubuntu