Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2021-AVI-528
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Mozilla. Elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Mozilla | Firefox ESR | Mozilla Firefox ESR versions antérieures à 78.12 | ||
| Mozilla | Thunderbird | Mozilla Thunderbird versions antérieures à 78.12 | ||
| Mozilla | Firefox | Mozilla Firefox versions antérieures à 90 |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Mozilla Firefox ESR versions ant\u00e9rieures \u00e0 78.12",
"product": {
"name": "Firefox ESR",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Mozilla Thunderbird versions ant\u00e9rieures \u00e0 78.12",
"product": {
"name": "Thunderbird",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Mozilla Firefox versions ant\u00e9rieures \u00e0 90",
"product": {
"name": "Firefox",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-29976",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29976"
},
{
"name": "CVE-2021-29971",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29971"
},
{
"name": "CVE-2021-29974",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29974"
},
{
"name": "CVE-2021-29970",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29970"
},
{
"name": "CVE-2021-29975",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29975"
},
{
"name": "CVE-2021-29973",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29973"
},
{
"name": "CVE-2021-29972",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29972"
},
{
"name": "CVE-2021-29969",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29969"
},
{
"name": "CVE-2021-30547",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30547"
},
{
"name": "CVE-2021-29977",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29977"
}
],
"initial_release_date": "2021-07-16T00:00:00",
"last_revision_date": "2021-07-16T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-528",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-07-16T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nMozilla. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire, un d\u00e9ni de service \u00e0 distance et un contournement de la\npolitique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Mozilla",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2021-28 du 13 juillet 2021",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-28/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2021-30 du 13 juillet 2021",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-30/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2021-29 du 13 juillet 2021",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-29/"
}
]
}
CVE-2021-29973 (GCVE-0-2021-29973)
Vulnerability from cvelistv5
Published
2021-08-05 19:46
Modified
2024-08-03 22:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Password autofill on HTTP websites was enabled without user interaction on Android
Summary
Password autofill was enabled without user interaction on insecure websites on Firefox for Android. This was corrected to require user interaction with the page before a user's password would be entered by the browser's autofill functionality *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 90.
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:24:57.587Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2021-28/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1701932"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "90",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Password autofill was enabled without user interaction on insecure websites on Firefox for Android. This was corrected to require user interaction with the page before a user\u0027s password would be entered by the browser\u0027s autofill functionality *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox \u003c 90."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Password autofill on HTTP websites was enabled without user interaction on Android",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-05T19:46:20",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2021-28/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1701932"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2021-29973",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "90"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Password autofill was enabled without user interaction on insecure websites on Firefox for Android. This was corrected to require user interaction with the page before a user\u0027s password would be entered by the browser\u0027s autofill functionality *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox \u003c 90."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Password autofill on HTTP websites was enabled without user interaction on Android"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.mozilla.org/security/advisories/mfsa2021-28/",
"refsource": "MISC",
"url": "https://www.mozilla.org/security/advisories/mfsa2021-28/"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1701932",
"refsource": "MISC",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1701932"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2021-29973",
"datePublished": "2021-08-05T19:46:20",
"dateReserved": "2021-04-01T00:00:00",
"dateUpdated": "2024-08-03T22:24:57.587Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-29977 (GCVE-0-2021-29977)
Vulnerability from cvelistv5
Published
2021-08-05 19:46
Modified
2024-08-03 22:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Memory safety bugs fixed in Firefox 90
Summary
Mozilla developers reported memory safety bugs present in Firefox 89. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 90.
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:24:57.552Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2021-28/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1665836%2C1686138%2C1704316%2C1706314%2C1709931%2C1712084%2C1712357%2C1714066"
},
{
"name": "GLSA-202202-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202202-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "90",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mozilla developers reported memory safety bugs present in Firefox 89. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 90."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Memory safety bugs fixed in Firefox 90",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-22T00:06:39",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2021-28/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1665836%2C1686138%2C1704316%2C1706314%2C1709931%2C1712084%2C1712357%2C1714066"
},
{
"name": "GLSA-202202-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202202-03"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2021-29977",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "90"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mozilla developers reported memory safety bugs present in Firefox 89. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 90."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Memory safety bugs fixed in Firefox 90"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.mozilla.org/security/advisories/mfsa2021-28/",
"refsource": "MISC",
"url": "https://www.mozilla.org/security/advisories/mfsa2021-28/"
},
{
"name": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1665836%2C1686138%2C1704316%2C1706314%2C1709931%2C1712084%2C1712357%2C1714066",
"refsource": "MISC",
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1665836%2C1686138%2C1704316%2C1706314%2C1709931%2C1712084%2C1712357%2C1714066"
},
{
"name": "GLSA-202202-03",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202202-03"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2021-29977",
"datePublished": "2021-08-05T19:46:01",
"dateReserved": "2021-04-01T00:00:00",
"dateUpdated": "2024-08-03T22:24:57.552Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-29970 (GCVE-0-2021-29970)
Vulnerability from cvelistv5
Published
2021-08-05 19:46
Modified
2024-08-03 22:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Use-after-free in accessibility features of a document
Summary
A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially exploitable crash. *This bug could only be triggered when accessibility was enabled.*. This vulnerability affects Thunderbird < 78.12, Firefox ESR < 78.12, and Firefox < 90.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Mozilla | Thunderbird |
Version: unspecified < 78.12 |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:24:57.593Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2021-28/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2021-30/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2021-29/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1709976"
},
{
"name": "GLSA-202202-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202202-03"
},
{
"name": "GLSA-202208-14",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-14"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "78.12",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Firefox ESR",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "78.12",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "90",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially exploitable crash. *This bug could only be triggered when accessibility was enabled.*. This vulnerability affects Thunderbird \u003c 78.12, Firefox ESR \u003c 78.12, and Firefox \u003c 90."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use-after-free in accessibility features of a document",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-10T05:11:45",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2021-28/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2021-30/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2021-29/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1709976"
},
{
"name": "GLSA-202202-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202202-03"
},
{
"name": "GLSA-202208-14",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202208-14"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2021-29970",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "78.12"
}
]
}
},
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "78.12"
}
]
}
},
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "90"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially exploitable crash. *This bug could only be triggered when accessibility was enabled.*. This vulnerability affects Thunderbird \u003c 78.12, Firefox ESR \u003c 78.12, and Firefox \u003c 90."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use-after-free in accessibility features of a document"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.mozilla.org/security/advisories/mfsa2021-28/",
"refsource": "MISC",
"url": "https://www.mozilla.org/security/advisories/mfsa2021-28/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2021-30/",
"refsource": "MISC",
"url": "https://www.mozilla.org/security/advisories/mfsa2021-30/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2021-29/",
"refsource": "MISC",
"url": "https://www.mozilla.org/security/advisories/mfsa2021-29/"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1709976",
"refsource": "MISC",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1709976"
},
{
"name": "GLSA-202202-03",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202202-03"
},
{
"name": "GLSA-202208-14",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202208-14"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2021-29970",
"datePublished": "2021-08-05T19:46:37",
"dateReserved": "2021-04-01T00:00:00",
"dateUpdated": "2024-08-03T22:24:57.593Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-29971 (GCVE-0-2021-29971)
Vulnerability from cvelistv5
Published
2021-08-05 19:46
Modified
2024-08-03 22:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Granted permissions only compared host; omitting scheme and port on Android
Summary
If a user had granted a permission to a webpage and saved that grant, any webpage running on the same host - irrespective of scheme or port - would be granted that permission. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 90.
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:24:57.573Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2021-28/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1713638"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "90",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "If a user had granted a permission to a webpage and saved that grant, any webpage running on the same host - irrespective of scheme or port - would be granted that permission. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox \u003c 90."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Granted permissions only compared host; omitting scheme and port on Android",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-05T19:46:31",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2021-28/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1713638"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2021-29971",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "90"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "If a user had granted a permission to a webpage and saved that grant, any webpage running on the same host - irrespective of scheme or port - would be granted that permission. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox \u003c 90."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Granted permissions only compared host; omitting scheme and port on Android"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.mozilla.org/security/advisories/mfsa2021-28/",
"refsource": "MISC",
"url": "https://www.mozilla.org/security/advisories/mfsa2021-28/"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1713638",
"refsource": "MISC",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1713638"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2021-29971",
"datePublished": "2021-08-05T19:46:31",
"dateReserved": "2021-04-01T00:00:00",
"dateUpdated": "2024-08-03T22:24:57.573Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-29969 (GCVE-0-2021-29969)
Vulnerability from cvelistv5
Published
2021-08-05 19:46
Modified
2024-08-03 22:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- IMAP server responses sent by a MITM prior to STARTTLS could be processed
Summary
If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server responses prior to the completion of the STARTTLS handshake, then Thunderbird didn't ignore the injected data. This could have resulted in Thunderbird showing incorrect information, for example the attacker could have tricked Thunderbird to show folders that didn't exist on the IMAP server. This vulnerability affects Thunderbird < 78.12.
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Mozilla | Thunderbird |
Version: unspecified < 78.12 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:24:57.484Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2021-30/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1682370"
},
{
"name": "GLSA-202208-14",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-14"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "78.12",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server responses prior to the completion of the STARTTLS handshake, then Thunderbird didn\u0027t ignore the injected data. This could have resulted in Thunderbird showing incorrect information, for example the attacker could have tricked Thunderbird to show folders that didn\u0027t exist on the IMAP server. This vulnerability affects Thunderbird \u003c 78.12."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "IMAP server responses sent by a MITM prior to STARTTLS could be processed",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-10T05:13:47",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2021-30/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1682370"
},
{
"name": "GLSA-202208-14",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202208-14"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2021-29969",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "78.12"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server responses prior to the completion of the STARTTLS handshake, then Thunderbird didn\u0027t ignore the injected data. This could have resulted in Thunderbird showing incorrect information, for example the attacker could have tricked Thunderbird to show folders that didn\u0027t exist on the IMAP server. This vulnerability affects Thunderbird \u003c 78.12."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMAP server responses sent by a MITM prior to STARTTLS could be processed"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.mozilla.org/security/advisories/mfsa2021-30/",
"refsource": "MISC",
"url": "https://www.mozilla.org/security/advisories/mfsa2021-30/"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1682370",
"refsource": "MISC",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1682370"
},
{
"name": "GLSA-202208-14",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202208-14"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2021-29969",
"datePublished": "2021-08-05T19:46:42",
"dateReserved": "2021-04-01T00:00:00",
"dateUpdated": "2024-08-03T22:24:57.484Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-29974 (GCVE-0-2021-29974)
Vulnerability from cvelistv5
Published
2021-08-05 19:46
Modified
2024-08-03 22:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- HSTS errors could be overridden when network partitioning was enabled
Summary
When network partitioning was enabled, e.g. as a result of Enhanced Tracking Protection settings, a TLS error page would allow the user to override an error on a domain which had specified HTTP Strict Transport Security (which implies that the error should not be override-able.) This issue did not affect the network connections, and they were correctly upgraded to HTTPS automatically. This vulnerability affects Firefox < 90.
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:24:57.587Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2021-28/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1704843"
},
{
"name": "GLSA-202202-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202202-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "90",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "When network partitioning was enabled, e.g. as a result of Enhanced Tracking Protection settings, a TLS error page would allow the user to override an error on a domain which had specified HTTP Strict Transport Security (which implies that the error should not be override-able.) This issue did not affect the network connections, and they were correctly upgraded to HTTPS automatically. This vulnerability affects Firefox \u003c 90."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "HSTS errors could be overridden when network partitioning was enabled",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-22T00:06:54",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2021-28/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1704843"
},
{
"name": "GLSA-202202-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202202-03"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2021-29974",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "90"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When network partitioning was enabled, e.g. as a result of Enhanced Tracking Protection settings, a TLS error page would allow the user to override an error on a domain which had specified HTTP Strict Transport Security (which implies that the error should not be override-able.) This issue did not affect the network connections, and they were correctly upgraded to HTTPS automatically. This vulnerability affects Firefox \u003c 90."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "HSTS errors could be overridden when network partitioning was enabled"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.mozilla.org/security/advisories/mfsa2021-28/",
"refsource": "MISC",
"url": "https://www.mozilla.org/security/advisories/mfsa2021-28/"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1704843",
"refsource": "MISC",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1704843"
},
{
"name": "GLSA-202202-03",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202202-03"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2021-29974",
"datePublished": "2021-08-05T19:46:16",
"dateReserved": "2021-04-01T00:00:00",
"dateUpdated": "2024-08-03T22:24:57.587Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-30547 (GCVE-0-2021-30547)
Vulnerability from cvelistv5
Published
2021-06-15 21:40
Modified
2024-08-03 22:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Out of bounds write
Summary
Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:32:41.290Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://crbug.com/1210414"
},
{
"name": "FEDORA-2021-f94dadff78",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PAT6EOXVQFE6JFMFQF4IKAOUQSHMHL54/"
},
{
"name": "DSA-4939",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2021/dsa-4939"
},
{
"name": "[debian-lts-announce] 20210715 [SECURITY] [DLA 2709-1] firefox-esr security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00009.html"
},
{
"name": "FEDORA-2021-ca58c57bdf",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ETMZL6IHCTCTREEL434BQ4THQ7EOHJ43/"
},
{
"name": "DSA-4940",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2021/dsa-4940"
},
{
"name": "[debian-lts-announce] 20210719 [SECURITY] [DLA 2711-1] thunderbird security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00010.html"
},
{
"name": "GLSA-202202-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202202-03"
},
{
"name": "GLSA-202208-14",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-14"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "91.0.4472.101",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Out of bounds write",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-10T06:08:18",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://crbug.com/1210414"
},
{
"name": "FEDORA-2021-f94dadff78",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PAT6EOXVQFE6JFMFQF4IKAOUQSHMHL54/"
},
{
"name": "DSA-4939",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2021/dsa-4939"
},
{
"name": "[debian-lts-announce] 20210715 [SECURITY] [DLA 2709-1] firefox-esr security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00009.html"
},
{
"name": "FEDORA-2021-ca58c57bdf",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ETMZL6IHCTCTREEL434BQ4THQ7EOHJ43/"
},
{
"name": "DSA-4940",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2021/dsa-4940"
},
{
"name": "[debian-lts-announce] 20210719 [SECURITY] [DLA 2711-1] thunderbird security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00010.html"
},
{
"name": "GLSA-202202-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202202-03"
},
{
"name": "GLSA-202208-14",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202208-14"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "chrome-cve-admin@google.com",
"ID": "CVE-2021-30547",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "91.0.4472.101"
}
]
}
}
]
},
"vendor_name": "Google"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out of bounds write"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop.html",
"refsource": "MISC",
"url": "https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop.html"
},
{
"name": "https://crbug.com/1210414",
"refsource": "MISC",
"url": "https://crbug.com/1210414"
},
{
"name": "FEDORA-2021-f94dadff78",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PAT6EOXVQFE6JFMFQF4IKAOUQSHMHL54/"
},
{
"name": "DSA-4939",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2021/dsa-4939"
},
{
"name": "[debian-lts-announce] 20210715 [SECURITY] [DLA 2709-1] firefox-esr security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00009.html"
},
{
"name": "FEDORA-2021-ca58c57bdf",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ETMZL6IHCTCTREEL434BQ4THQ7EOHJ43/"
},
{
"name": "DSA-4940",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2021/dsa-4940"
},
{
"name": "[debian-lts-announce] 20210719 [SECURITY] [DLA 2711-1] thunderbird security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00010.html"
},
{
"name": "GLSA-202202-03",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202202-03"
},
{
"name": "GLSA-202208-14",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202208-14"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2021-30547",
"datePublished": "2021-06-15T21:40:28",
"dateReserved": "2021-04-13T00:00:00",
"dateUpdated": "2024-08-03T22:32:41.290Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-29972 (GCVE-0-2021-29972)
Vulnerability from cvelistv5
Published
2021-08-05 19:46
Modified
2024-08-03 22:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Use of out-of-date library included use-after-free vulnerability
Summary
A use-after-free vulnerability was found via testing, and traced to an out-of-date Cairo library. Updating the library resolved the issue, and may have remediated other, unknown security vulnerabilities as well. This vulnerability affects Firefox < 90.
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:24:57.564Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2021-28/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1696816"
},
{
"name": "GLSA-202202-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202202-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "90",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A use-after-free vulnerability was found via testing, and traced to an out-of-date Cairo library. Updating the library resolved the issue, and may have remediated other, unknown security vulnerabilities as well. This vulnerability affects Firefox \u003c 90."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use of out-of-date library included use-after-free vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-22T00:06:21",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2021-28/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1696816"
},
{
"name": "GLSA-202202-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202202-03"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2021-29972",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "90"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A use-after-free vulnerability was found via testing, and traced to an out-of-date Cairo library. Updating the library resolved the issue, and may have remediated other, unknown security vulnerabilities as well. This vulnerability affects Firefox \u003c 90."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use of out-of-date library included use-after-free vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.mozilla.org/security/advisories/mfsa2021-28/",
"refsource": "MISC",
"url": "https://www.mozilla.org/security/advisories/mfsa2021-28/"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1696816",
"refsource": "MISC",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1696816"
},
{
"name": "GLSA-202202-03",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202202-03"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2021-29972",
"datePublished": "2021-08-05T19:46:26",
"dateReserved": "2021-04-01T00:00:00",
"dateUpdated": "2024-08-03T22:24:57.564Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-29975 (GCVE-0-2021-29975)
Vulnerability from cvelistv5
Published
2021-08-05 19:46
Modified
2024-08-03 22:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Text message could be overlaid on top of another website
Summary
Through a series of DOM manipulations, a message, over which the attacker had control of the text but not HTML or formatting, could be overlaid on top of another domain (with the new domain correctly shown in the address bar) resulting in possible user confusion. This vulnerability affects Firefox < 90.
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:24:57.572Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2021-28/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1713259"
},
{
"name": "GLSA-202202-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202202-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "90",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Through a series of DOM manipulations, a message, over which the attacker had control of the text but not HTML or formatting, could be overlaid on top of another domain (with the new domain correctly shown in the address bar) resulting in possible user confusion. This vulnerability affects Firefox \u003c 90."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Text message could be overlaid on top of another website",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-22T00:06:13",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2021-28/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1713259"
},
{
"name": "GLSA-202202-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202202-03"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2021-29975",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "90"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Through a series of DOM manipulations, a message, over which the attacker had control of the text but not HTML or formatting, could be overlaid on top of another domain (with the new domain correctly shown in the address bar) resulting in possible user confusion. This vulnerability affects Firefox \u003c 90."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Text message could be overlaid on top of another website"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.mozilla.org/security/advisories/mfsa2021-28/",
"refsource": "MISC",
"url": "https://www.mozilla.org/security/advisories/mfsa2021-28/"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1713259",
"refsource": "MISC",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1713259"
},
{
"name": "GLSA-202202-03",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202202-03"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2021-29975",
"datePublished": "2021-08-05T19:46:11",
"dateReserved": "2021-04-01T00:00:00",
"dateUpdated": "2024-08-03T22:24:57.572Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-29976 (GCVE-0-2021-29976)
Vulnerability from cvelistv5
Published
2021-08-05 19:46
Modified
2024-08-03 22:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Memory safety bugs fixed in Thunderbird 78.12
Summary
Mozilla developers reported memory safety bugs present in code shared between Firefox and Thunderbird. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.12, Firefox ESR < 78.12, and Firefox < 90.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Mozilla | Thunderbird |
Version: unspecified < 78.12 |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:24:57.576Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2021-28/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2021-30/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2021-29/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1700895%2C1703334%2C1706910%2C1711576%2C1714391"
},
{
"name": "GLSA-202202-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202202-03"
},
{
"name": "GLSA-202208-14",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-14"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "78.12",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Firefox ESR",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "78.12",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "90",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mozilla developers reported memory safety bugs present in code shared between Firefox and Thunderbird. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 78.12, Firefox ESR \u003c 78.12, and Firefox \u003c 90."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Memory safety bugs fixed in Thunderbird 78.12",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-10T05:14:45",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2021-28/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2021-30/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2021-29/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1700895%2C1703334%2C1706910%2C1711576%2C1714391"
},
{
"name": "GLSA-202202-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202202-03"
},
{
"name": "GLSA-202208-14",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202208-14"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2021-29976",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "78.12"
}
]
}
},
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "78.12"
}
]
}
},
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "90"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mozilla developers reported memory safety bugs present in code shared between Firefox and Thunderbird. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 78.12, Firefox ESR \u003c 78.12, and Firefox \u003c 90."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Memory safety bugs fixed in Thunderbird 78.12"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.mozilla.org/security/advisories/mfsa2021-28/",
"refsource": "MISC",
"url": "https://www.mozilla.org/security/advisories/mfsa2021-28/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2021-30/",
"refsource": "MISC",
"url": "https://www.mozilla.org/security/advisories/mfsa2021-30/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2021-29/",
"refsource": "MISC",
"url": "https://www.mozilla.org/security/advisories/mfsa2021-29/"
},
{
"name": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1700895%2C1703334%2C1706910%2C1711576%2C1714391",
"refsource": "MISC",
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1700895%2C1703334%2C1706910%2C1711576%2C1714391"
},
{
"name": "GLSA-202202-03",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202202-03"
},
{
"name": "GLSA-202208-14",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202208-14"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2021-29976",
"datePublished": "2021-08-05T19:46:06",
"dateReserved": "2021-04-01T00:00:00",
"dateUpdated": "2024-08-03T22:24:57.576Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…