PT-2021-3562 · Mozilla+8 · Firefox+10

Emil Ghitta

+4

·

Published

2021-07-13

·

Updated

2024-12-12

·

CVE-2021-29976

CVSS v2.0

10

High

VectorAV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 90 Firefox ESR versions prior to 78.12 Thunderbird versions prior to 78.12
Description The issue is related to memory safety bugs present in code shared between Firefox and Thunderbird, which can lead to memory corruption. With sufficient effort, these bugs could potentially be exploited to run arbitrary code, allowing a remote attacker to access confidential data, compromise its integrity, and cause a denial of service.
Recommendations For Firefox versions prior to 90, update to version 90 or later. For Firefox ESR versions prior to 78.12, update to version 78.12 or later. For Thunderbird versions prior to 78.12, update to version 78.12 or later.

Exploit

Fix

Buffer Overflow

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-119CWE-787

Related Identifiers

ALT-PU-2021-2229
ALT-PU-2021-2233
ALT-PU-2021-2248
ALT-PU-2021-2255
ALT-PU-2021-2257
ALT-PU-2021-2261
ALT-PU-2021-2269
ALT-PU-2021-2725
ALT-PU-2021-2881
ALT-PU-2021-3368
ALT-PU-2021-3369
ALT-PU-2022-1781
ALT-PU-2022-1782
BDU:2021-03661
CESA-2021_2741
CESA-2021_2743
CESA-2021_2883
CVE-2021-29976
DLA-2709-1
DLA-2711-1
DSA-4939-1
DSA-4940-1
MGASA-2021-0354
MGASA-2021-0355
OESA-2023-1673
OESA-2023-1674
OPENSUSE-SU-2021:1066-1
OPENSUSE-SU-2021:1091-1
OPENSUSE-SU-2021:2393-1
OPENSUSE-SU-2021:2458-1
OPENSUSE-SU-2021_1066-1
OPENSUSE-SU-2021_1091-1
OPENSUSE-SU-2021_2393-1
OPENSUSE-SU-2021_2458-1
OPENSUSE-SU-2024:10600-1
OPENSUSE-SU-2024:10601-1
OPENSUSE-SU-2024:14572-1
RHSA-2021:2740
RHSA-2021:2741
RHSA-2021:2742
RHSA-2021:2743
RHSA-2021:2881
RHSA-2021:2882
RHSA-2021:2883
RHSA-2021:2914
RHSA-2021_2741
RHSA-2021_2743
RHSA-2021_2881
RHSA-2021_2883
RLSA-2021:2743
RLSA-2021:2883
SUSE-SU-2021:14766-1
SUSE-SU-2021:2389-1
SUSE-SU-2021:2393-1
SUSE-SU-2021:2458-1
SUSE-SU-2021:2478-1
SUSE-SU-2021_14766-1
USN-5011-1
USN-5058-1

Affected Products

Alt Linux
Astra Linux
Centos
Firefox
Firefox Esr
Linuxmint
Red Hat
Rocky Linux
Suse
Thunderbird
Ubuntu