PT-2021-7424 · Microsoft+3 · Windows+5

James Forshaw · Published 2021-05-04 · Updated 2022-07-12 · CVE-2021-29951

CVSS v3.1: 6.5 Medium

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions

Thunderbird versions prior to 78.10.1
Firefox versions prior to 87
Firefox ESR versions prior to 78.10.1

Description

The issue is related to the Mozilla Maintenance Service, which granted excessive access to normal remote users in a domain network, allowing them to start or stop the service. This could be exploited to prevent the browser update service from operating or to expose attack surface in the maintenance service. The issue affects Windows operating systems older than Win 10 build 1709. It is also described as an insecure privilege management vulnerability that could allow a remote attacker to elevate their privileges.

Recommendations

For Thunderbird versions prior to 78.10.1, update to version 78.10.1 or later. For Firefox versions prior to 87, update to version 87 or later. For Firefox ESR versions prior to 78.10.1, update to version 78.10.1 or later.

Fix

Improper Privilege Management

Weakness Enumeration

Related Identifiers

ALT-PU-2021-1765
ALT-PU-2021-1791
ALT-PU-2021-1794
ALT-PU-2021-1804
ALT-PU-2021-1886
ALT-PU-2021-1892
BDU:2022-06101
CVE-2021-29951
OPENSUSE-SU-2021:0858-1
OPENSUSE-SU-2021:1854-1
OPENSUSE-SU-2021:1884-1
OPENSUSE-SU-2021_0858-1
OPENSUSE-SU-2021_1854-1
OPENSUSE-SU-2021_1884-1
SUSE-SU-2021:14743-1
SUSE-SU-2021:1854-1
SUSE-SU-2021:1884-1
SUSE-SU-2021:1886-1
SUSE-SU-2021:1919-1
SUSE-SU-2021_14743-1
SUSE-SU-2021_1884-1
SUSE-SU-2021_1886-1
SUSE-SU-2021_1919-1

Affected Products

Alt Linux
Firefox
Firefox ESR
SUSE
Thunderbird
Windows