PT-2021-8016 · Mozilla+2 · Firefox Esr+4

Hou Jingyi

·

Published

2021-11-02

·

Updated

2024-12-12

·

CVE-2021-38510

CVSS v2.0

10

High

VectorAV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 94 Thunderbird versions prior to 91.3 Firefox ESR versions prior to 91.3
Description The issue is related to inadequate access control in Mozilla Firefox, Firefox ESR, and the Thunderbird email client for Mac OS operating systems. It is associated with the handling of .inetloc files, which can run commands on a user's computer due to a flaw in Mac OS. The vulnerability can be exploited by a remote attacker to execute arbitrary code when loading .inetloc files. This issue only affects Mac OS operating systems, with other operating systems being unaffected.
Recommendations For Firefox versions prior to 94, update to version 94 or later to resolve the issue. For Thunderbird versions prior to 91.3, update to version 91.3 or later to resolve the issue. For Firefox ESR versions prior to 91.3, update to version 91.3 or later to resolve the issue.

Fix

Improper Access Control

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-284

Related Identifiers

ALT-PU-2021-3214
ALT-PU-2021-3215
ALT-PU-2021-3226
ALT-PU-2021-3243
ALT-PU-2021-3259
ALT-PU-2021-3369
ALT-PU-2021-3370
ALT-PU-2021-3391
ALT-PU-2022-1781
ALT-PU-2022-1783
ALT-PU-2023-1139
ALT-PU-2023-4336
ALT-PU-2023-4339
BDU:2024-02637
CVE-2021-38510
OESA-2023-1673
OESA-2023-1674
OPENSUSE-SU-2021:1635-1
OPENSUSE-SU-2021:3745-1
OPENSUSE-SU-2021:4150-1
OPENSUSE-SU-2021_1635-1
OPENSUSE-SU-2021_3745-1
OPENSUSE-SU-2021_4150-1
OPENSUSE-SU-2024:11607-1
OPENSUSE-SU-2024:11614-1
OPENSUSE-SU-2024:14572-1
SUSE-SU-2021:3651-1
SUSE-SU-2021:3721-1
SUSE-SU-2021:3745-1
SUSE-SU-2021:4150-1

Affected Products

Alt Linux
Firefox
Firefox Esr
Suse
Thunderbird