Mozilla developers reported memory safety bugs present in Firefox 88 and Firefox ESR 78.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.11, Firefox < 89, and Firefox ESR < 78.11.
References
Link | Resource |
---|---|
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1602862%2C1703191%2C1703760%2C1704722%2C1706041 | Issue Tracking Not Applicable Third Party Advisory |
https://security.gentoo.org/glsa/202208-14 | Third Party Advisory |
https://www.mozilla.org/security/advisories/mfsa2021-23/ | Release Notes Vendor Advisory |
https://www.mozilla.org/security/advisories/mfsa2021-24/ | Release Notes Vendor Advisory |
https://www.mozilla.org/security/advisories/mfsa2021-26/ | Release Notes Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
09 Dec 2022, 18:30
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://bugzilla.mozilla.org/buglist.cgi?bug_id=1602862%2C1703191%2C1703760%2C1704722%2C1706041 - Issue Tracking, Not Applicable, Third Party Advisory | |
References | (GENTOO) https://security.gentoo.org/glsa/202208-14 - Third Party Advisory |
10 Aug 2022, 20:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
03 May 2022, 16:04
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-787 |
25 Jun 2021, 13:23
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 6.8
v3 : 8.8 |
References | (MISC) https://bugzilla.mozilla.org/buglist.cgi?bug_id=1602862%2C1703191%2C1703760%2C1704722%2C1706041 - Third Party Advisory, Not Applicable | |
References | (MISC) https://www.mozilla.org/security/advisories/mfsa2021-23/ - Release Notes, Vendor Advisory | |
References | (MISC) https://www.mozilla.org/security/advisories/mfsa2021-24/ - Release Notes, Vendor Advisory | |
References | (MISC) https://www.mozilla.org/security/advisories/mfsa2021-26/ - Release Notes, Vendor Advisory | |
CWE | CWE-119 | |
CPE | cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:* cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* |
24 Jun 2021, 14:20
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-06-24 14:15
Updated : 2023-12-10 13:55
NVD link : CVE-2021-29967
Mitre link : CVE-2021-29967
CVE.ORG link : CVE-2021-29967
JSON object : View
Products Affected
mozilla
- thunderbird
- firefox
- firefox_esr
CWE
CWE-787
Out-of-bounds Write