PT-2021-4462 · Mozilla+8 · Firefox Esr+10

M.Cooolie

·

Published

2021-10-05

·

Updated

2024-12-12

·

CVE-2021-38498

CVSS v2.0

10

High

VectorAV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 93 Thunderbird versions prior to 91.2 Firefox ESR versions prior to 91.2
Description The issue is related to a use-after-free of a languages service object during process shutdown, potentially leading to memory corruption and a crash. This could be exploited by a remote attacker to execute arbitrary code.
Recommendations For Firefox versions prior to 93, update to version 93 or later. For Thunderbird versions prior to 91.2, update to version 91.2 or later. For Firefox ESR versions prior to 91.2, update to version 91.2 or later.

Exploit

Fix

Buffer Overflow

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-119CWE-416

Related Identifiers

ALT-PU-2021-2981
ALT-PU-2021-2992
ALT-PU-2021-3004
ALT-PU-2021-3005
ALT-PU-2021-3026
ALT-PU-2021-3069
ALT-PU-2021-3097
ALT-PU-2021-3118
ALT-PU-2021-3368
ALT-PU-2021-3370
ALT-PU-2022-1782
ALT-PU-2022-1783
ALT-PU-2022-2458
ALT-PU-2022-2929
ALT-PU-2023-1138
ALT-PU-2023-4336
BDU:2021-05095
BDU:2021-05096
CESA-2021_3755
CESA-2021_3791
CESA-2021_3838
CESA-2021_3841
CVE-2021-38498
MGASA-2021-0469
MGASA-2021-0478
OESA-2023-1673
OESA-2023-1674
OPENSUSE-SU-2021:1367-1
OPENSUSE-SU-2021:1635-1
OPENSUSE-SU-2021:3331-1
OPENSUSE-SU-2021:3451-1
OPENSUSE-SU-2021:4150-1
OPENSUSE-SU-2021_1367-1
OPENSUSE-SU-2021_1635-1
OPENSUSE-SU-2021_3331-1
OPENSUSE-SU-2021_3451-1
OPENSUSE-SU-2021_4150-1
OPENSUSE-SU-2024:11570-1
OPENSUSE-SU-2024:11571-1
OPENSUSE-SU-2024:14572-1
RHSA-2021:3755
RHSA-2021:3756
RHSA-2021:3757
RHSA-2021:3791
RHSA-2021:3838
RHSA-2021:3839
RHSA-2021:3840
RHSA-2021:3841
RHSA-2021_3755
RHSA-2021_3791
RHSA-2021_3838
RHSA-2021_3841
RLSA-2021:3755
RLSA-2021:3838
SUSE-SU-2021:14826-1
SUSE-SU-2021:3331-1
SUSE-SU-2021:3446-1
SUSE-SU-2021:3451-1
SUSE-SU-2021:4150-1
SUSE-SU-2021_14826-1
USN-5107-1
USN-5132-1
USN-5248-1

Affected Products

Alt Linux
Astra Linux
Centos
Firefox
Firefox Esr
Linuxmint
Red Hat
Rocky Linux
Suse
Thunderbird
Ubuntu