PT-2021-5362 · Mozilla+9 · Firefox Esr+11

Paul Zühlcke

Published

2021-12-07

Updated

2024-12-12

CVE-2021-43545

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Mozilla Thunderbird versions prior to 91.4.0 Mozilla Firefox ESR versions prior to 91.4.0 Mozilla Firefox versions prior to 95

Description The issue is related to the execution of a loop with an unreachable exit condition, potentially allowing a remote attacker to cause a denial of service via an infinite loop error when using the Location API. This could lead to severe application hangs and crashes.

Recommendations For Mozilla Thunderbird versions prior to 91.4.0, update to version 91.4.0 or later. For Mozilla Firefox ESR versions prior to 91.4.0, update to version 91.4.0 or later. For Mozilla Firefox versions prior to 95, update to version 95 or later. As a temporary workaround, consider restricting the use of the Location API in loops to minimize the risk of exploitation.

Exploit

Fix

Infinite Loop

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-835CWE-834

Related Identifiers

ALSA-2021:5013

ALSA-2021:5045

ALT-PU-2021-3493

ALT-PU-2021-3496

ALT-PU-2021-3506

ALT-PU-2021-3510

ALT-PU-2021-3533

ALT-PU-2021-3541

ALT-PU-2021-3576

ALT-PU-2021-3582

ALT-PU-2022-1781

ALT-PU-2022-1783

ALT-PU-2022-2458

ALT-PU-2022-2929

ALT-PU-2023-1138

ALT-PU-2023-1139

ALT-PU-2023-4336

ALT-PU-2023-4339

BDU:2021-06192

CESA-2021_5013

CESA-2021_5014

CESA-2021_5045

CVE-2021-43545

DLA-2863-1

DLA-2874-1

DSA-5026-1

DSA-5034-1

MGASA-2021-0551

MGASA-2021-0554

OESA-2023-1673

OESA-2023-1674

OPENSUSE-SU-2021:1575-1

OPENSUSE-SU-2021:1635-1

OPENSUSE-SU-2021:3993-1

OPENSUSE-SU-2021:4150-1

OPENSUSE-SU-2021_1575-1

OPENSUSE-SU-2021_1635-1

OPENSUSE-SU-2021_3993-1

OPENSUSE-SU-2021_4150-1

OPENSUSE-SU-2024:11669-1

OPENSUSE-SU-2024:11670-1

OPENSUSE-SU-2024:14572-1

RHSA-2021:5013

RHSA-2021:5014

RHSA-2021:5015

RHSA-2021:5016

RHSA-2021:5017

RHSA-2021:5045

RHSA-2021:5046

RHSA-2021:5047

RHSA-2021:5048

RHSA-2021:5055

RHSA-2021_5013

RHSA-2021_5014

RHSA-2021_5045

RHSA-2021_5046

RLSA-2021:5013

RLSA-2021:5045

SUSE-SU-2021:14859-1

SUSE-SU-2021:3993-1

SUSE-SU-2021:3995-1

SUSE-SU-2021:4000-1

SUSE-SU-2021:4150-1

SUSE-SU-2021_14859-1

USN-5186-1

USN-5186-2

USN-5246-1

USN-5248-1

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Linuxmint

Firefox

Firefox Esr

Thunderbird

Red Hat

Rocky Linux

Suse

Ubuntu

PT-2021-5362 · Mozilla+9 · Firefox Esr+11

CVE-2021-43545

Weakness Enumeration

Related Identifiers

Affected Products

References · 2321