PT-2021-6613 · Mozilla+5 · Thunderbird+6

Lukas Bernhard

·

Published

2021-08-10

·

Updated

2024-12-12

·

CVE-2021-29982

CVSS v2.0

7.1

High

VectorAV:N/AC:M/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 91 Thunderbird versions prior to 91
Description The issue is related to a component in the JIT compiler of Firefox and Thunderbird, which is associated with a resource not being released after its expiration. This could allow a remote attacker to access confidential data. The problem arises due to incorrect JIT optimization, leading to the incorrect interpretation of data from the wrong type of object, potentially resulting in a memory leak.
Recommendations For Firefox versions prior to 91, update to version 91 or later to resolve the issue. For Thunderbird versions prior to 91, update to version 91 or later to resolve the issue.

Exploit

Fix

Missing Release of Resource after Effective Lifetime

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-772

Related Identifiers

ALT-PU-2021-2488
ALT-PU-2021-2636
ALT-PU-2021-2718
ALT-PU-2021-2725
ALT-PU-2021-2849
ALT-PU-2021-2881
ALT-PU-2021-3368
ALT-PU-2021-3369
ALT-PU-2021-3370
ALT-PU-2022-1781
ALT-PU-2022-1782
ALT-PU-2022-1783
BDU:2022-01890
CVE-2021-29982
OESA-2023-1673
OESA-2023-1674
OPENSUSE-SU-2021:1367-1
OPENSUSE-SU-2021:1635-1
OPENSUSE-SU-2021:3331-1
OPENSUSE-SU-2021:3451-1
OPENSUSE-SU-2021:4150-1
OPENSUSE-SU-2021_1367-1
OPENSUSE-SU-2021_1635-1
OPENSUSE-SU-2021_3331-1
OPENSUSE-SU-2021_3451-1
OPENSUSE-SU-2021_4150-1
OPENSUSE-SU-2024:10600-1
OPENSUSE-SU-2024:14572-1
SUSE-SU-2021:14821-1
SUSE-SU-2021:14826-1
SUSE-SU-2021:3191-1
SUSE-SU-2021:3331-1
SUSE-SU-2021:3451-1
SUSE-SU-2021:4150-1
SUSE-SU-2021_14821-1
SUSE-SU-2021_14826-1
SUSE-SU-2022:1577-1
SUSE-SU-2022:1582-1
SUSE-SU-2022_1577-1
SUSE-SU-2022_1582-1
USN-5037-1
USN-5037-2
USN-5248-1

Affected Products

Alt Linux
Astra Linux
Firefox
Linuxmint
Suse
Thunderbird
Ubuntu