Branch c9f1 update bulletin.

Package firefox-esr updated to version 78.11.0-alt0.c9.1 for branch c9f1 in task 274377.

Published: 2021-06-01

BDU:2021-02858

Уязвимость браузера Mozilla Firefox, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2021-29967

Published: 2021-06-03

BDU:2021-02898

Уязвимость почтового клиента Mozilla Thunderbird, связанная с чтением за границами буфера в памяти, позволяющая нарушителю получить доступ к конфиденциальной информации

Severity: LOW (2.5) Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

References:

CVE-2021-29964

Published: 2021-06-24
Modified: 2024-11-21

CVE-2021-29964

A locally-installed hostile program could send `WM_COPYDATA` messages that Firefox would process incorrectly, leading to an out-of-bounds read. *This bug only affects Firefox on Windows. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 78.11, Firefox < 89, and Firefox ESR < 78.11.

Severity: HIGH (7.1) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

References:

Published: 2021-06-24
Modified: 2024-11-21

CVE-2021-29967

Mozilla developers reported memory safety bugs present in Firefox 88 and Firefox ESR 78.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.11, Firefox < 89, and Firefox ESR < 78.11.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Version: 2.1.0

Branch c9f1 update on 2021-07-08

ALT-BU-2021-4025-1

ALT-PU-2021-2015-1

Closed vulnerabilities

BDU:2021-02858

BDU:2021-02898

CVE-2021-29964

CVE-2021-29967