PT-2021-7392 · Mozilla+7 · Firefox Esr+9

Alexis Beingessner

+3

·

Published

2021-03-23

·

Updated

2024-12-12

·

CVE-2021-23987

CVSS v2.0

10

High

VectorAV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 87 Firefox ESR versions prior to 78.9 Thunderbird versions prior to 78.9
Description The issue is related to memory safety bugs and buffer copying without checking the size of input data, which could potentially allow an attacker to execute arbitrary code using a specially crafted website. Some of these bugs showed evidence of memory corruption.
Recommendations For Firefox versions prior to 87, update to version 87 or later. For Firefox ESR versions prior to 78.9, update to version 78.9 or later. For Thunderbird versions prior to 78.9, update to version 78.9 or later.

Exploit

Fix

Buffer Overflow

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-120CWE-787

Related Identifiers

ALT-PU-2021-1543
ALT-PU-2021-1549
ALT-PU-2021-1562
ALT-PU-2021-1564
ALT-PU-2021-1804
ALT-PU-2021-1886
ALT-PU-2021-1892
ALT-PU-2021-2725
ALT-PU-2021-2881
ALT-PU-2021-3368
ALT-PU-2021-3369
ALT-PU-2022-1781
ALT-PU-2022-1782
BDU:2022-05942
CESA-2021_0990
CESA-2021_0992
CESA-2021_0993
CESA-2021_0996
CVE-2021-23987
DLA-2607-1
DLA-2609-1
DSA-4874-1
DSA-4876-1
MGASA-2021-0163
MGASA-2021-0164
OESA-2023-1673
OESA-2023-1674
OPENSUSE-SU-2021:0487-1
OPENSUSE-SU-2021:0580-1
OPENSUSE-SU-2021_0487-1
OPENSUSE-SU-2021_0580-1
OPENSUSE-SU-2024:10600-1
OPENSUSE-SU-2024:10601-1
OPENSUSE-SU-2024:14572-1
RHSA-2021:0989
RHSA-2021:0990
RHSA-2021:0991
RHSA-2021:0992
RHSA-2021:0993
RHSA-2021:0994
RHSA-2021:0995
RHSA-2021:0996
RHSA-2021_0990
RHSA-2021_0992
RHSA-2021_0993
RHSA-2021_0996
SUSE-SU-2021:0966-1
SUSE-SU-2021:0999-1
SUSE-SU-2021:1007-1
SUSE-SU-2021:1167-1
SUSE-SU-2021:14684-1
SUSE-SU-2021_14684-1
USN-4893-1
USN-4995-1
USN-4995-2

Affected Products

Alt Linux
Astra Linux
Centos
Firefox
Firefox Esr
Linuxmint
Red Hat
Suse
Thunderbird
Ubuntu