PT-2021-4399 · Mozilla+8 · Firefox Esr+10

Yangkang

·

Published

2021-10-05

·

Updated

2024-12-12

·

CVE-2021-38496

CVSS v2.0

10

Critical

VectorAV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Thunderbird versions prior to 91.2 Thunderbird versions prior to 78.15 Firefox ESR versions prior to 91.2 Firefox ESR versions prior to 78.15 Firefox versions prior to 93
Description The issue is related to operations on MessageTasks, where a task may be removed while still scheduled, leading to memory corruption and a potentially exploitable crash. This is also associated with a memory release error. Exploitation of this issue could allow a remote attacker to execute arbitrary code in the system.
Recommendations For Thunderbird versions prior to 91.2, update to version 91.2 or later. For Thunderbird versions prior to 78.15, update to version 78.15 or later. For Firefox ESR versions prior to 91.2, update to version 91.2 or later. For Firefox ESR versions prior to 78.15, update to version 78.15 or later. For Firefox versions prior to 93, update to version 93 or later.

Exploit

Fix

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALT-PU-2021-2981
ALT-PU-2021-2992
ALT-PU-2021-2995
ALT-PU-2021-3003
ALT-PU-2021-3004
ALT-PU-2021-3005
ALT-PU-2021-3026
ALT-PU-2021-3069
ALT-PU-2021-3097
ALT-PU-2021-3118
ALT-PU-2021-3368
ALT-PU-2021-3370
ALT-PU-2022-1782
ALT-PU-2022-1783
ALT-PU-2022-2458
ALT-PU-2022-2929
ALT-PU-2023-1138
ALT-PU-2023-4336
BDU:2021-05029
CESA-2021_3755
CESA-2021_3791
CESA-2021_3838
CESA-2021_3841
CVE-2021-38496
DLA-2782-1
DLA-2874-1
DSA-4981-1
DSA-5034-1
MGASA-2021-0469
MGASA-2021-0478
OESA-2023-1673
OESA-2023-1674
OPENSUSE-SU-2021:1367-1
OPENSUSE-SU-2021:1635-1
OPENSUSE-SU-2021:3331-1
OPENSUSE-SU-2021:3451-1
OPENSUSE-SU-2021:4150-1
OPENSUSE-SU-2021_1367-1
OPENSUSE-SU-2021_1635-1
OPENSUSE-SU-2021_3331-1
OPENSUSE-SU-2021_3451-1
OPENSUSE-SU-2021_4150-1
OPENSUSE-SU-2024:11570-1
OPENSUSE-SU-2024:11571-1
OPENSUSE-SU-2024:14572-1
RHSA-2021:3755
RHSA-2021:3756
RHSA-2021:3757
RHSA-2021:3791
RHSA-2021:3838
RHSA-2021:3839
RHSA-2021:3840
RHSA-2021:3841
RHSA-2021_3755
RHSA-2021_3791
RHSA-2021_3838
RHSA-2021_3841
RLSA-2021:3755
RLSA-2021:3838
SUSE-SU-2021:14826-1
SUSE-SU-2021:3331-1
SUSE-SU-2021:3446-1
SUSE-SU-2021:3451-1
SUSE-SU-2021:4150-1
SUSE-SU-2021_14826-1
USN-5107-1
USN-5132-1
USN-5248-1

Affected Products

Alt Linux
Astra Linux
Centos
Firefox
Firefox Esr
Linuxmint
Red Hat
Rocky Linux
Suse
Thunderbird
Ubuntu