Уязвимость компонента library/std/src/net/parser.rs языка программирования Rust, позволяющая нарушителю нарушить целостность данных, а также вызвать отказ в обслуживании

In the standard library in Rust before 1.49.0, String::retain() function has a panic safety problem. It allows creation of a non-UTF-8 Rust string when the provided closure panics. This bug could result in a memory safety violation when other string APIs assume that UTF-8 encoding is used on the same string.

In the standard library in Rust before 1.52.0, there is an optimization for joining strings that can cause uninitialized bytes to be exposed (or the program to crash) if the borrowed string changes after its length is checked.

In the standard library in Rust before 1.50.0, read_to_end() does not validate the return value from Read in an unsafe context. This bug could lead to a buffer overflow.

In the standard library in Rust before 1.52.0, the Zip implementation has a panic safety issue. It calls __iterator_get_unchecked() more than once for the same index when the underlying iterator panics (in certain conditions). This bug could lead to a memory safety violation due to an unmet safety requirement for the TrustedRandomAccess trait.

In the standard library in Rust before 1.51.0, the Zip implementation calls __iterator_get_unchecked() for the same index more than once when nested. This bug can lead to a memory safety violation due to an unmet safety requirement for the TrustedRandomAccess trait.

In the standard library in Rust before 1.52.0, the Zip implementation calls __iterator_get_unchecked() more than once for the same index (under certain conditions) when next_back() and next() are used together. This bug could lead to a memory safety violation due to an unmet safety requirement for the TrustedRandomAccess trait.

In the standard library in Rust before 1.52.0, the Zip implementation can report an incorrect size due to an integer overflow. This bug can lead to a buffer overflow when a consumed Zip iterator is used again.

library/std/src/net/parser.rs in Rust before 1.53.0 does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses, because of unexpected octal interpretation.

In the standard library in Rust before 1.52.0, a double free can occur in the Vec::from_iter function if freeing the element panics.

rustc использует LLVM11, не смотря на BR

Уязвимость пакета библиотек для сетевой защиты приложений NSS, связанная с выделением неограниченной памяти, позволяющая нарушителю вызвать отказ в обслуживании

A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS messages, causing a denial of service for servers compiled with the NSS library. The highest threat from this vulnerability is to system availability. This flaw affects NSS versions before 3.58.

python3-module-nss FTBFS on ppc64le

nss-utils и conflict конфликтуют по файлу /usr/bin/conflict

pve-backup FTBFS

Уязвимость функции модульной инверсии набора библиотек NSS (Network Security Services), позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Уязвимость набора библиотек NSS (Network Security Services), связанная с использованием криптографического алгоритма ECDSA (Elliptic Curve Digital Signature Algorithm), содержащего дефекты, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Уязвимость браузера Firefox, связана с выходом операции за границы буфера в памяти, позволяющая нарушителю выполнить произвольный код

Уязвимость компонента WebGL браузера Firefox, позволяющая нарушителю выполнить произвольный код

Уязвимость синтаксического анализа и загрузки событий в коде SVG веб-браузера Firefox и почтового клиента Thunderbird, позволяющая нарушителю проводить межсайтовые сценарные атаки (XSS)

Уязвимость компонента WebRequestService веб-браузера Firefox и почтового клиента Thunderbird, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость JIT-оптимизации браузера Firefox, связанная с доступом к данным без контроля типов, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании

Уязвимость памяти веб-браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, связанная с выходом операции за допустимые границы буфера данных, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании

Уязвимость реализации функции isExceptionPending() браузера Mozilla Firefox, позволяющая нарушителю выполнить произвольный код

Уязвимость браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, связанная с записью данных за границами буфера в памяти, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании

Уязвимость браузера Mozilla Firefox, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю выполнить произвольный код

Уязвимость расширения WebRTC браузера Mozilla Firefox, позволяющая нарушителю оказать воздействие на целостность данных

Уязвимость метода <RowCountChanged> браузера Mozilla Firefox, позволяющая нарушителю повысить свои привилегии или вызвать отказ в обслуживании

Уязвимость браузера Mozilla Firefox, связанная с раскрытием информации, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Уязвимость браузера Mozilla Firefox, связанная с ошибками управления ресурсами, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Уязвимость браузера Mozilla Firefox, связанная с ошибками представления информации пользовательским интерфейсом, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Уязвимость браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, связанная с ошибкой преобразования типов, позволяющая нарушителю выполнить произвольный код

Уязвимость браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю выполнить произвольный код

Уязвимость браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, связанная с включением функций из недостоверной контролируемой области, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Уязвимость браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, связанная с некорректной обработкой нулевых байтов или символов NULL при обмене данными, позволяющая нарушителю повысить свои привилегии или вызвать отказ в обслуживании

Уязвимость компонента WebGL почтового клиента Thunderbird, браузеров Firefox и Firefox ESR, позволяющая нарушителю выполнить произвольный код

Уязвимость режима адаптивного дизайна (Responsive Design Mode) почтового клиента Thunderbird, браузеров Firefox и Firefox ESR, позволяющая нарушителю выполнить произвольный код

Уязвимость почтового клиента Thunderbird, браузеров Firefox и Firefox ESR, связанная с ошибками при сохранении разрешений, позволяющая нарушителю ошибочно присвоить сертификат безопасности HTTP-странице

Уязвимость почтового клиента Thunderbird, браузеров Firefox и Firefox ESR, связанная с ошибками наследуемых разрешений, позволяющая нарушителю повысить свои привилегии

Уязвимость почтового клиента Thunderbird, браузеров Firefox и Firefox ESR, связанная с ошибками при обработке символов новой строки в URL-адресе FTP, позволяющая нарушителю отправлять произвольные команды на FTP-сервер

Уязвимость компонента JIT WebAssembly почтового клиента Thunderbird, браузеров Firefox и Firefox ESR, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость почтового клиента Thunderbird, браузеров Firefox и Firefox ESR, существующая из-за недостаточной проверки входных данных, позволяющая нарушителю обойти ограничения безопасности

Уязвимость браузера Mozilla Firefox, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю выполнить произвольный код

Уязвимость программных средств Google Chrome, Firefox, Firefox ESR, Thunderbird, связанная с ошибкой подтверждения источника данных, позволяющая нарушителю получить доступ к конфиденциальным данным

Уязвимость браузера Mozilla Firefox и почтового клиента Thunderbird, связанная с использованием памяти после ее освобождения, позволяющая нарушителю выполнить произвольный код

Уязвимость веб-браузеров Firefox, Firefox ESR, почтового клиента Thunderbird, связанная с записью за границами буфера, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании

Уязвимость браузера Firefox, вызванная выходом операции за границы буфера в памяти, позволяющая нарушителю выполнить произвольный код

Уязвимость реализации механизма HSTS (HTTP Strict Transport Security) браузера Mozilla Firefox, позволяющая нарушителю обойти механизмы защиты

Уязвимость браузера Mozilla Firefox, связанная с ошибками представления информации, позволяющая нарушителю проводить спуфинг-атаки

Уязвимость веб-браузеров Firefox, Firefox ESR, почтового клиента Thunderbird, связанная с возникновением конфликта интерпретаций, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании

Уязвимость браузера Mozilla Firefox, позволяющая нарушителю выполнить произвольный код в целевой системе

Уязвимость браузера Mozilla Firefox, позволяющая нарушителю выполнить произвольный код в целевой системе

Уязвимость метода MediaCacheStream::NotifyDataReceived почтового клиента Thunderbird, браузеров Firefox и Firefox ESR, позволяющая нарушителю выполнить произвольный код в целевой системе

Уязвимость браузера Mozilla Firefox, позволяющая нарушителю выполнить произвольный код в целевой системе

Уязвимость графической библиотеки Cairo браузера Mozilla Firefox, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании

Уязвимость веб-браузера Firefox и почтового клиента Thunderbird, связанная с использованием памяти после её освобождения, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость браузера Mozilla Firefox, связанная с некорректным ограничением визуализированных слоев пользовательского интерфейса, позволяющая нарушителю проводить атаки с использованием спуфинга

Уязвимость браузера Mozilla Firefox, связанная с ошибками в настройках безопасности, позволяющая нарушителю обойти введенные ограничения безопасности

Уязвимость браузера Mozilla Firefox, связанная с недостаточным предупреждением об опасных действиях, позволяющая нарушителю провести атаку с использованием спуфинга

Уязвимость браузера Mozilla Firefox, связанная с ошибками в настройках безопасности, позволяющая нарушителю обойти существующие ограничения безопасности

Уязвимость браузера Mozilla Firefox, связанная с некорректным ограничением визуализированных слоев пользовательского интерфейса, позволяющая нарушителю проводить атаки с использованием спуфинга

Уязвимость почтового клиента Thunderbird, браузера Firefox, связанная с недостатками обработки HTTP-запросов, позволяющая нарушителю осуществлять межсайтовые сценарные атаки (XSS)

Уязвимость браузера Mozilla Firefox и почтового клиента Mozilla Thunderbird, связанная с ошибками криптографических преобразований, позволяющая нарушителю проводить спуфинг-атаки

Уязвимость браузера Mozilla Firefox и почтового клиента Mozilla Thunderbird, связанная с недостаточной проверкой вводимых данных, позволяющая нарушителю обойти существующие ограничения безопасности

Уязвимость обработки запросов XMLHttpRequest браузера Mozilla Firefox и почтового клиента Mozilla Thunderbird, связанная с раскрытием информации, позволяющая нарушителю получить доступ к конфиденциальной информации

Уязвимость обработки политик CSP браузера Mozilla Firefox и почтового клиента Mozilla Thunderbird, связанная с ошибками в настройках безопасности, позволяющая нарушителю обойти существующие ограничения безопасности

Уязвимость браузера Mozilla Firefox и почтового клиента Mozilla Thunderbird, связанная с ошибками криптографических преобразований, позволяющая нарушителю проводить спуфинг-атаки

Уязвимость браузера Mozilla Firefox и почтового клиента Mozilla Thunderbird, связанная с неправильным преобразованием типов, позволяющая нарушителю выполнить произвольный код

Уязвимость браузера Mozilla Firefox и почтового клиента Mozilla Thunderbird, связанная с раскрытием информации, позволяющая нарушителю получить доступ к конфиденциальной информации

Уязвимость браузера Mozilla Firefox и почтового клиента Mozilla Thunderbird, связанная с использованием памяти после ее освобождения, позволяющая нарушителю выполнить произвольный код

Уязвимость браузера Mozilla Firefox и почтового клиента Mozilla Thunderbird, связанная с выполнением цикла с недоступным условием выхода, позволяющая нарушителю выполнить отказ в обслуживании

Уязвимость почтового клиента Thunderbird, браузеров Firefox и Firefox ESR, связанная с неверным ограничением визуализируемых слоев или фреймов пользовательского интерфейса из-за состояния гонки при вызове reportValidity, позволяющая нарушителю обойти полноэкранное уведомление и провести спуфинговую атаку

Уязвимость изолированной среды iframe почтового клиента Thunderbird, браузеров Firefox и Firefox ESR, позволяющая нарушителю использовать неверное ограничение визуализируемых слоев или фреймов пользовательского интерфейса

Уязвимость режима редактирования почтового клиента Thunderbird, браузеров Firefox и Firefox ESR, позволяющая нарушителю инициировать несанкционированную запись и выполнение произвольного кода в целевой системе

Уязвимость пользовательского интерфейса почтового клиента Thunderbird, браузеров Firefox и Firefox ESR, связанная с неверным ограничением визуализируемых слоев или фреймов, позволяющая нарушителю использовать неверное ограничение визуализируемых слоев или фреймов пользовательского интерфейса

Уязвимость функции ChannelEventQueue::mOwner почтового клиента Thunderbird, браузеров Firefox и Firefox ESR, позволяющая нарушителю вызвать ошибку использования после освобождения и выполнить произвольный код в системе

Уязвимость функции blendGaussianBlur почтового клиента Thunderbird, браузеров Firefox и Firefox ESR, позволяющая нарушителю вызвать переполнение буфера кучи и выполнить произвольный код в целевой системе

Уязвимость почтового клиента Thunderbird, браузеров Firefox и Firefox ESR, связанная с использованием памяти после ее освобождения из-за состояния гонки при воспроизведении аудиофайлов, позволяющая нарушителю создать специально созданную звуковую оболочку, вызвать ошибку использования после освобождения и выполнить произвольный код в системе

Уязвимость изолированной среды iframe почтового клиента Thunderbird, браузеров Firefox и Firefox ESR, позволяющая нарушителю обойти изолированную программную среду iframe и выполнить произвольный код JavaScript в контексте произвольного окна

Уязвимость изолированной среды iframe почтового клиента Thunderbird, браузеров Firefox и Firefox ESR, связанная с некорректной обработкой пользовательских данных, позволяющая нарушителю выполнить спуфинговую атаку

Уязвимость компонента securitypolicyviolation почтового клиента Thunderbird, браузеров Firefox и Firefox ESR, позволяющая нарушителю получить доступ к конфиденциальной информации

Уязвимость функции «Copy as curl» в DevTools почтового клиента Thunderbird, браузеров Firefox и Firefox ESR, позволяющая нарушителю выполнить произвольные команды в системе

Уязвимость почтового клиента Thunderbird, браузеров Firefox и Firefox ESR, связанная с неправильной проверкой ввода пустой последовательности pkcs7, передаваемой как часть данных сертификата, позволяющая нарушителю выполнить атаку типа «отказ в обслуживании» (DoS)

Уязвимость почтового клиента Thunderbird, браузеров Firefox и Firefox ESR, связанная с обходом введенных ограничений безопасности, позволяющая нарушителю обойти введенные ограничения безопасности

Уязвимость почтового клиента Thunderbird, браузеров Firefox и Firefox ESR, связанная с неверным ограничением операций в пределах буфера памяти при обработке содержимого HTML, позволяющая нарушителю вызвать повреждение памяти и выполнить произвольный код в целевой системе

Уязвимость реализации механизма CORS почтового клиента Thunderbird, браузеров Firefox и Firefox ESR, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Уязвимость браузера Mozilla Firefox, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю выполнить произвольный код

Уязвимость компонента Content Security Policy (CSP) браузера Mozilla Firefox, позволяющая нарушителю обойти существующие ограничения безопасности

Уязвимость механизма Web Workers браузера Mozilla Firefox и почтового клиента Mozilla Thunderbird, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Уязвимость реализации расширений браузера Mozilla Firefox, позволяющая нарушителю обойти введенные ограничения безопасности

Уязвимость функции перетаскивания изображений браузера Mozilla Firefox, позволяющая нарушителю выполнить произвольный код

Уязвимость элемента iframe браузера Mozilla Firefox, позволяющая нарушителю обойти введенные ограничения безопасности

Уязвимость службы Maintenance (Updater) Service браузера Mozilla Firefox, позволяющая нарушителю повысить свои привилегии

Уязвимость параметра XSLT браузеров Mozilla Firefox и Focus, позволяющая нарушителю выполнить произвольный код

Уязвимость программного интерфейса обработки 3D-графики и вычислений WebGPU браузеров Mozilla Firefox и Focus, позволяющая нарушителю выполнить произвольный код

Уязвимость браузера Mozilla Firefox, связанная с недостаточным предупреждением об опасных действиях, позволяющая нарушителю выполнить спуфинговую атаку

Уязвимость браузера Mozilla Firefox, связанная с использованием памяти после освобождения, позволяющая нарушителю выполнить произвольный код

Уязвимость браузера Mozilla Firefox, связанная с недостатками разграничения доступа, позволяющая нарушителю обойти введенные ограничения безопасности

Уязвимость браузера Mozilla Firefox, связанная с состоянием гонки при проверке подписей, позволяющая нарушителю выполнить спуфинговую атаку

Уязвимость браузера Mozilla Firefox, связанная с недостатками контроля доступа, позволяющая нарушителю получить доступ к конфиденциальной информации

Уязвимость компонента JIT веб-браузера Firefox, почтового клиента Thunderbird, позволяющая нарушителю получить доступ к конфиденциальным данным

Уязвимость компонента JIT веб-браузера Firefox, почтового клиента Thunderbird, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании

Уязвимость веб-браузера Firefox, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю выполнить произвольный код

Уязвимость браузера Mozilla Firefox, связанная с записью за границами буфера в памяти, позволяющая нарушителю выполнить произвольный код

Уязвимость браузера Mozilla Firefox, связанная с отсутствием проверки корректности принимаемых запросов, позволяющая нарушителю получить доступ к конфиденциальным данным и нарушить их целостность

Уязвимость браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, связанная с неправильными настройками прав доступа по умолчанию, позволяющая нарушителю обойти существующие ограничения безопасности

Уязвимость браузера Mozilla Firefox, связанная с ошибками авторизации, позволяющая нарушителю обойти существующие ограничения безопасности

Уязвимость браузеров Mozilla Firefox, Mozilla Firefox ESR и почтового клиента Thunderbird, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю выполнить произвольный код

Уязвимость браузеров Mozilla Firefox, Mozilla Firefox ESR и почтового клиента Thunderbird, связанная с копированием буфера без проверки размера входных данных, позволяющая нарушителю выполнить произвольный код

Уязвимость браузера Mozilla Firefox, связанная с ошибками представления информации пользовательским интерфейсом, позволяющая нарушителю проводить спуфинг-атаки

Уязвимость браузера Mozilla Firefox, связанная с раскрытием информации, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Уязвимость браузера Mozilla Firefox, связанная с ошибками управления ресурсом, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость браузера Mozilla Firefox, связанная с недостатком в механизме подтверждения источника данных, позволяющая нарушителю проводить спуфинг-атаки

Уязвимость браузеров Mozilla Firefox, Mozilla Firefox ESR и почтового клиента Thunderbird, связанная с утечкой информации в сообщениях об ошибках, позволяющая нарушителю раскрыть защищаемую информацию

Уязвимость браузеров Mozilla Firefox, Mozilla Firefox ESR и почтового клиента Thunderbird, связанная с неправильным использованием привилегированных API, позволяющая нарушителю установить расширение

Уязвимость службы Maintenance Service браузеров Mozilla Firefox, Mozilla Firefox ESR и почтового клиента Thunderbird для Windows, позволяющая нарушителю выполнить произвольный код с повышенными привилегиями

Уязвимость браузеров Mozilla Firefox, Mozilla Firefox ESR и почтового клиента Thunderbird, связанная с неверным ограничением визуализируемых слоев или фреймов пользовательского интерфейса, позволяющая нарушителю проводить спуфинг-атаки

Уязвимость браузеров Mozilla Firefox, Mozilla Firefox ESR и почтового клиента Thunderbird, связанная с копированием буфера без проверки размера входных данных, позволяющая нарушителю выполнить произвольный код

Уязвимость браузера Mozilla Firefox, связанная с недостатками контроля доступа, позволяющая нарушителю видоизменять пользовательский интерфейс

Уязвимость браузера Mozilla Firefox, почтового клиента Thunderbird, связанная с недостатками обработки HTTP-запросов, позволяющая нарушителю выполнить произвольный JavaScript-код

When converting coordinates from projective to affine, the modular inversion was not performed in constant time, resulting in a possible timing-based side channel attack. This vulnerability affects Firefox < 80 and Firefox for Android < 80.

During ECDSA signature generation, padding applied in the nonce designed to ensure constant-time scalar multiplication was removed, resulting in variable-time execution dependent on secret data. This vulnerability affects Firefox < 80 and Firefox for Android < 80.

By observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a cross-origin redirect. This applied only to content that can be parsed as script. This vulnerability affects Firefox < 79, Firefox ESR < 68.11, Firefox ESR < 78.1, Thunderbird < 68.11, and Thunderbird < 78.1.

An iframe sandbox element with the allow-popups flag could be bypassed when using noopener links. This could have led to security issues for websites relying on sandbox configurations that allowed popups and hosted arbitrary content. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1.

When in an endless loop, a website specifying a custom cursor using CSS could make it look like the user is interacting with the user interface, when they are not. This could lead to a perceived broken state, especially when interactions with existing browser dialogs and warnings do not work. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1.

A redirected HTTP request which is observed or modified through a web extension could bypass existing CORS checks, leading to potential disclosure of cross-origin information. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1.

JIT optimizations involving the Javascript arguments object could confuse later optimizations. This risk was already mitigated by various precautions in the code, resulting in this bug rated at only moderate severity. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1.

The code for downloading files did not properly take care of special characters, which led to an attacker being able to cut off the file ending at an earlier position, leading to a different file type being downloaded than shown in the dialog. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1.

Mozilla developers and community members reported memory safety bugs present in Firefox 78 and Firefox ESR 78.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 79, Firefox ESR < 68.11, Firefox ESR < 78.1, Thunderbird < 68.11, and Thunderbird < 78.1.

If Firefox is installed to a user-writable directory, the Mozilla Maintenance Service would execute updater.exe from the install location with system privileges. Although the Mozilla Maintenance Service does ensure that updater.exe is signed by Mozilla, the version could have been rolled back to a previous version which would have allowed exploitation of an older bug and arbitrary code execution with System Privileges. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects Firefox < 80, Thunderbird < 78.2, Thunderbird < 68.12, Firefox ESR < 68.12, and Firefox ESR < 78.2.

By holding a reference to the eval() function from an about:blank window, a malicious webpage could have gained access to the InstallTrigger object which would allow them to prompt the user to install an extension. Combined with user confusion, this could result in an unintended or malicious extension being installed. This vulnerability affects Firefox < 80, Thunderbird < 78.2, Thunderbird < 68.12, Firefox ESR < 68.12, Firefox ESR < 78.2, and Firefox for Android < 80.

Firefox did not reset the address bar after the beforeunload dialog was shown if the user chose to remain on the page. This could have resulted in an incorrect URL being shown when used in conjunction with other unexpected browser behaviors. This vulnerability affects Firefox < 80.

When processing a MAR update file, after the signature has been validated, an invalid name length could result in a heap overflow, leading to memory corruption and potentially arbitrary code execution. Within Firefox as released by Mozilla, this issue is only exploitable with the Mozilla-controlled signing key. This vulnerability affects Firefox < 80.

Mozilla developers reported memory safety bugs present in Firefox 80 and Firefox ESR 78.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firefox ESR < 78.3.

Mozilla developers reported memory safety bugs present in Firefox 80. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 81.

When processing surfaces, the lifetime may outlive a persistent buffer leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 81.

Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditable element. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firefox ESR < 78.3.

By exploiting an Open Redirect vulnerability on a website, an attacker could have spoofed the site displayed in the download file dialog to show the original site (the one suffering from the open redirect) rather than the site the file was actually downloaded from. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firefox ESR < 78.3.

When recursing through graphical layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free. This occurs because the function APZCTreeManager::ComputeClippedCompositionBounds did not follow iterator invalidation rules. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firefox ESR < 78.3.

If a valid external protocol handler was referenced in an image tag, the resulting broken image size could be distinguished from a broken image size of a non-existent protocol handler. This allowed an attacker to successfully probe whether an external protocol handler was registered. This vulnerability affects Firefox < 82.

When multiple WASM threads had a reference to a module, and were looking up exported functions, one WASM thread could have overwritten another's entry in a shared stub table, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 82.

When a link to an external protocol was clicked, a prompt was presented that allowed the user to choose what application to open it in. An attacker could induce that prompt to be associated with an origin they didn't control, resulting in a spoofing attack. This was fixed by changing external protocol prompts to be tab-modal while also ensuring they could not be incorrectly associated with a different origin. This vulnerability affects Firefox < 82.

Mozilla developers and community members reported memory safety bugs present in Firefox 81 and Firefox ESR 78.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.4, Firefox < 82, and Thunderbird < 78.4.

Mozilla developers reported memory safety bugs present in Firefox 81. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 82.

Side-channel information leakage in graphics in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

In certain circumstances, the MCallGetProperty opcode can be emitted with unmet assumptions resulting in an exploitable use-after-free condition. This vulnerability affects Firefox < 82.0.3, Firefox ESR < 78.4.1, and Thunderbird < 78.4.2.

A parsing and event loading mismatch in Firefox's SVG code could have allowed load events to fire, even after sanitization. An attacker already capable of exploiting an XSS vulnerability in privileged internal pages could have used this attack to bypass our built-in sanitizer. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.

Incorrect bookkeeping of functions inlined during JIT compilation could have led to memory corruption and a potentially exploitable crash when handling out-of-memory errors. This vulnerability affects Firefox < 83.

It was possible to cause the browser to enter fullscreen mode without displaying the security UI; thus making it possible to attempt a phishing attack or otherwise confuse the user. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.

In some cases, removing HTML elements during sanitization would keep existing SVG event handlers and therefore lead to XSS. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.

Firefox did not block execution of scripts with incorrect MIME types when the response was intercepted and cached through a ServiceWorker. This could lead to a cross-site script inclusion vulnerability, or a Content Security Policy bypass. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.

During browser shutdown, reference decrementing could have occured on a previously freed object, resulting in a use-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.

If the Compact() method was called on an nsTArray, the array could have been reallocated without updating other pointers, leading to a potential use-after-free and exploitable crash. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.

When DNS over HTTPS is in use, it intentionally filters RFC1918 and related IP ranges from the responses as these do not make sense coming from a DoH resolver. However when an IPv4 address was mapped through IPv6, these addresses were erroneously let through, leading to a potential DNS Rebinding attack. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.

Cross-origin iframes that contained a login form could have been recognized by the login autofill service, and populated. This could have been used in clickjacking attacks, as well as be read across partitions in dynamic first party isolation. This vulnerability affects Firefox < 83.

Repeated calls to the history and location interfaces could have been used to hang the browser. This was addressed by introducing rate-limiting to these API calls. This vulnerability affects Firefox < 83.

Some websites have a feature "Show Password" where clicking a button will change a password field into a textbook field, revealing the typed password. If, when using a software keyboard that remembers user input, a user typed their password and used that feature, the type of the password field was changed, resulting in a keyboard layout change and the possibility for the software keyboard to remember the typed password. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.

When listening for page changes with a Mutation Observer, a malicious web page could confuse Firefox Screenshots into interacting with elements other than those that it injected into the page. This would lead to internal errors and unexpected behavior in the Screenshots code. This vulnerability affects Firefox < 83.

Mozilla developers reported memory safety bugs present in Firefox 82 and Firefox ESR 78.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.

Mozilla developers reported memory safety bugs present in Firefox 82. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 83.

Certain blit values provided by the user were not properly constrained leading to a heap buffer overflow on some video drivers. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.

The lifecycle of IPC Actors allows managed actors to outlive their manager actors; and the former must ensure that they are not attempting to use a dead actor they have a reference to. Such a check was omitted in WebGL, resulting in a use-after-free and a potentially exploitable crash. This vulnerability affects Firefox < 84.

Certain input to the CSS Sanitizer confused it, resulting in incorrect components being removed. This could have been used as a sanitizer bypass. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.

When flex-basis was used on a table wrapper, a StyleGenericFlexBasis object could have been incorrectly cast to the wrong type. This resulted in a heap user-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.

When a HTTPS pages was embedded in a HTTP page, and there was a service worker registered for the former, the service worker could have intercepted the request for the secure page despite the iframe not being a secure context due to the (insecure) framing. This vulnerability affects Firefox < 84.

Using techniques that built on the slipstream research, a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.

When a user typed a URL in the address bar or the search bar and quickly hit the enter key, a website could sometimes capture that event and then redirect the user before navigation occurred to the desired, entered address. To construct a convincing spoof the attacker would have had to guess what the user was typing, perhaps by suggesting it. This vulnerability affects Firefox < 84.

When an extension with the proxy permission registered to receive , the proxy.onRequest callback was not triggered for view-source URLs. While web content cannot navigate to such URLs, a user opening View Source could have inadvertently leaked their IP address. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.

Mozilla developers reported memory safety bugs present in Firefox 83 and Firefox ESR 78.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.

Mozilla developers reported memory safety bugs present in Firefox 83. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 84.

If a user clicked into a specifically crafted PDF, the PDF reader could be confused into leaking cross-origin information, when said information is served as chunked data. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7.

Using the new logical assignment operators in a JavaScript switch statement could have caused a type confusion, leading to a memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7.

The browser could have been confused into transferring a pointer lock state into another tab, which could have lead to clickjacking attacks. This vulnerability affects Firefox < 85.

An ambiguous file picker design could have confused users who intended to select and upload a single file into uploading a whole directory. This was addressed by adding a new prompt. This vulnerability affects Firefox < 85.

The browser could have been confused into transferring a screen sharing state into another tab, which would leak unintended information. This vulnerability affects Firefox < 85.

Performing garbage collection on re-declared JavaScript variables resulted in a user-after-poison, and a potentially exploitable crash. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7.

Further techniques that built on the slipstream research combined with a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine. This vulnerability affects Firefox < 85.

Incorrect use of the '' method could have led to a user-after-poison and a potentially exploitable crash. This vulnerability affects Firefox < 85.

When sharing geolocation during an active WebRTC share, Firefox could have reset the webRTC sharing state in the user interface, leading to loss of control over the currently granted permission. This vulnerability affects Firefox < 85.

Mozilla developers reported memory safety bugs present in Firefox 84 and Firefox ESR 78.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7.

Mozilla developers reported memory safety bugs present in Firefox 84. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 85.

If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report; as opposed to the original frame URI. This could be used to leak sensitive information contained in such URIs. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.

As specified in the W3C Content Security Policy draft, when creating a violation report, "User agents need to ensure that the source file is the URL requested by the page, pre-redirects. If that’s not possible, user agents need to strip the URL down to an origin to avoid unintentional leakage." Under certain types of redirects, Firefox incorrectly set the source file to be the destination of the redirects. This was fixed to be the redirect destination's origin. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.

Context-specific code was included in a shared jump table; resulting in assertions being triggered in multithreaded wasm code. This vulnerability affects Firefox < 86.

When processing a redirect with a conflicting Referrer-Policy, Firefox would have adopted the redirect's Referrer-Policy. This would have potentially resulted in more information than intended by the original origin being provided to the destination of the redirect. This vulnerability affects Firefox < 86.

One phishing tactic on the web is to provide a link with HTTP Auth. For example 'https://www.phishingtarget.com@evil.com'. To mitigate this type of attack, Firefox will display a warning dialog; however, this warning dialog would not have been displayed if evil.com used a redirect that was cached by the browser. This vulnerability affects Firefox < 86.

When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may have revealed information about the resource. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.

The DOMParser API did not properly process '

The developer page about:memory has a Measure function for exploring what object types the browser has allocated and their sizes. When this function was invoked we incorrectly called the sizeof function, instead of using the API method that checks for invalid pointers. This vulnerability affects Firefox < 86.

Mozilla developers reported memory safety bugs present in Firefox 85 and Firefox ESR 78.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.

Mozilla developers reported memory safety bugs present in Firefox 85. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 86.

A texture upload of a Pixel Buffer Object could have confused the WebGL code to skip binding the buffer used to unpack it, resulting in memory corruption and a potentially exploitable information leak or crash. This vulnerability affects Firefox ESR < 78.9, Firefox < 87, and Thunderbird < 78.9.

Using techniques that built on the slipstream research, a malicious webpage could have scanned both an internal network's hosts as well as services running on the user's local machine utilizing WebRTC connections. This vulnerability affects Firefox ESR < 78.9, Firefox < 87, and Thunderbird < 78.9.

By causing a transition on a parent node by removing a CSS rule, an invalid property for a marker could have been applied, resulting in memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 87.

A malicious extension could have opened a popup window lacking an address bar. The title of the popup lacking an address bar should not be fully controllable, but in this situation was. This could have been used to spoof a website and attempt to trick the user into providing credentials. This vulnerability affects Firefox ESR < 78.9, Firefox < 87, and Thunderbird < 78.9.

If an attacker is able to alter specific about:config values (for example malware running on the user's computer), the Devtools remote debugging feature could have been enabled in a way that was unnoticable to the user. This would have allowed a remote attacker (able to make a direct network connection to the victim) to monitor the user's browsing activity and (plaintext) network traffic. This was addressed by providing a visual cue when Devtools has an open network socket. This vulnerability affects Firefox < 87.

A malicious extension with the 'search' permission could have installed a new search engine whose favicon referenced a cross-origin URL. The response to this cross-origin request could have been read by the extension, allowing a same-origin policy bypass by the extension, which should not have cross-origin permissions. This cross-origin request was made without cookies, so the sensitive information disclosed by the violation was limited to local-network resources or resources that perform IP-based authentication. This vulnerability affects Firefox < 87.

Mozilla developers and community members reported memory safety bugs present in Firefox 86 and Firefox ESR 78.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.9, Firefox < 87, and Thunderbird < 78.9.

Mozilla developers reported memory safety bugs present in Firefox 86. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 87.

A WebGL framebuffer was not initialized early enough, resulting in memory corruption and an out of bound write. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.

When Responsive Design Mode was enabled, it used references to objects that were previously freed. We presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.

By utilizing 3D CSS in conjunction with Javascript, content could have been rendered outside the webpage's viewport, resulting in a spoofing attack that could have been used for phishing or other attacks on a user. This vulnerability affects Firefox < 88.

Due to unexpected data type conversions, a use-after-free could have occurred when interacting with the font cache. We presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox < 88.

Through complicated navigations with new windows, an HTTP page could have inherited a secure lock icon from an HTTPS page. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.

If a Blob URL was loaded through some unusual user interaction, it could have been loaded by the System Principal and granted additional privileges that should not be granted to web content. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.

A race condition with requestPointerLock() and setTimeout() could have resulted in a user interacting with one tab when they believed they were on a separate tab. In conjunction with certain elements (such as <input type="file">) this could have led to an attack where a user was confused about the origin of the webpage and potentially disclosed information they did not intend to. This vulnerability affects Firefox < 88.

A compromised content process could have performed session history manipulations it should not have been able to due to testing infrastructure that was not restricted to testing-only configurations. This vulnerability affects Firefox < 88.

When a user clicked on an FTP URL containing encoded newline characters (%0A and %0D), the newlines would have been interpreted as such and allowed arbitrary commands to be sent to the FTP server. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.

Lack of escaping allowed HTML injection when a webpage was viewed in Reader View. While a Content Security Policy prevents direct code execution, HTML injection is still possible. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 88.

The WebAssembly JIT could miscalculate the size of a return type, which could lead to a null read and result in a crash. *Note: This issue only affected x86-32 platforms. Other platforms are unaffected.*. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.

Ports that were written as an integer overflow above the bounds of a 16-bit integer could have bypassed port blocking restrictions when used in the Alt-Svc header. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.

Mozilla developers and community members reported memory safety bugs present in Firefox 87. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 88.

A transient execution vulnerability, named Floating Point Value Injection (FPVI) allowed an attacker to leak arbitrary memory addresses and may have also enabled JIT type confusion attacks. (A related vulnerability, Speculative Code Store Bypass (SCSB), did not affect Firefox.). This vulnerability affects Firefox ESR < 78.9 and Firefox < 87.

When a user has already allowed a website to access microphone and camera, disabling camera sharing would not fully prevent the website from re-enabling it without an additional prompt. This was only possible if the website kept recording with the microphone until re-enabling the camera. This vulnerability affects Firefox < 89.

Firefox used to cache the last filename used for printing a file. When generating a filename for printing, Firefox usually suggests the web page title. The caching and suggestion techniques combined may have lead to the title of a website visited during private browsing mode being stored on disk. This vulnerability affects Firefox < 89.

When styling and rendering an oversized `` element, Firefox did not apply correct clipping which allowed an attacker to paint over the user interface. This vulnerability affects Firefox < 89.

Severity: MEDIUM (4.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1700235
• https://bugzilla.mozilla.org/show_bug.cgi?id=1700235
• GLSA-202107-09
• GLSA-202107-09
• https://www.mozilla.org/security/advisories/mfsa2021-23/
• https://www.mozilla.org/security/advisories/mfsa2021-23/

Published: 2021-06-24
Modified: 2024-11-21

CVE-2021-29966

Mozilla developers reported memory safety bugs present in Firefox 88. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 89.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

• https://bugzilla.mozilla.org/buglist.cgi?bug_id=1660307%2C1686154%2C1702948%2C1708124
• https://bugzilla.mozilla.org/buglist.cgi?bug_id=1660307%2C1686154%2C1702948%2C1708124
• GLSA-202107-09
• GLSA-202107-09
• https://www.mozilla.org/security/advisories/mfsa2021-23/
• https://www.mozilla.org/security/advisories/mfsa2021-23/

Published: 2021-06-24
Modified: 2024-11-21

CVE-2021-29967

Mozilla developers reported memory safety bugs present in Firefox 88 and Firefox ESR 78.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.11, Firefox < 89, and Firefox ESR < 78.11.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

• https://bugzilla.mozilla.org/buglist.cgi?bug_id=1602862%2C1703191%2C1703760%2C1704722%2C1706041
• https://bugzilla.mozilla.org/buglist.cgi?bug_id=1602862%2C1703191%2C1703760%2C1704722%2C1706041
• GLSA-202208-14
• GLSA-202208-14
• https://www.mozilla.org/security/advisories/mfsa2021-23/
• https://www.mozilla.org/security/advisories/mfsa2021-23/
• https://www.mozilla.org/security/advisories/mfsa2021-24/
• https://www.mozilla.org/security/advisories/mfsa2021-24/
• https://www.mozilla.org/security/advisories/mfsa2021-26/
• https://www.mozilla.org/security/advisories/mfsa2021-26/

Published: 2021-08-05
Modified: 2024-11-21

CVE-2021-29970

A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially exploitable crash. *This bug could only be triggered when accessibility was enabled.*. This vulnerability affects Thunderbird < 78.12, Firefox ESR < 78.12, and Firefox < 90.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1709976
• https://bugzilla.mozilla.org/show_bug.cgi?id=1709976
• GLSA-202202-03
• GLSA-202202-03
• GLSA-202208-14
• GLSA-202208-14
• https://www.mozilla.org/security/advisories/mfsa2021-28/
• https://www.mozilla.org/security/advisories/mfsa2021-28/
• https://www.mozilla.org/security/advisories/mfsa2021-29/
• https://www.mozilla.org/security/advisories/mfsa2021-29/
• https://www.mozilla.org/security/advisories/mfsa2021-30/
• https://www.mozilla.org/security/advisories/mfsa2021-30/

Published: 2021-08-05
Modified: 2024-11-21

CVE-2021-29972

A use-after-free vulnerability was found via testing, and traced to an out-of-date Cairo library. Updating the library resolved the issue, and may have remediated other, unknown security vulnerabilities as well. This vulnerability affects Firefox < 90.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1696816
• https://bugzilla.mozilla.org/show_bug.cgi?id=1696816
• GLSA-202202-03
• GLSA-202202-03
• https://www.mozilla.org/security/advisories/mfsa2021-28/
• https://www.mozilla.org/security/advisories/mfsa2021-28/

Published: 2021-08-05
Modified: 2024-11-21

CVE-2021-29974

When network partitioning was enabled, e.g. as a result of Enhanced Tracking Protection settings, a TLS error page would allow the user to override an error on a domain which had specified HTTP Strict Transport Security (which implies that the error should not be override-able.) This issue did not affect the network connections, and they were correctly upgraded to HTTPS automatically. This vulnerability affects Firefox < 90.

Severity: MEDIUM (4.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1704843
• https://bugzilla.mozilla.org/show_bug.cgi?id=1704843
• GLSA-202202-03
• GLSA-202202-03
• https://www.mozilla.org/security/advisories/mfsa2021-28/
• https://www.mozilla.org/security/advisories/mfsa2021-28/

Published: 2021-08-05
Modified: 2024-11-21

CVE-2021-29975

Through a series of DOM manipulations, a message, over which the attacker had control of the text but not HTML or formatting, could be overlaid on top of another domain (with the new domain correctly shown in the address bar) resulting in possible user confusion. This vulnerability affects Firefox < 90.

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

References:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1713259
• https://bugzilla.mozilla.org/show_bug.cgi?id=1713259
• GLSA-202202-03
• GLSA-202202-03
• https://www.mozilla.org/security/advisories/mfsa2021-28/
• https://www.mozilla.org/security/advisories/mfsa2021-28/

Published: 2021-08-05
Modified: 2024-11-21

CVE-2021-29976

Mozilla developers reported memory safety bugs present in code shared between Firefox and Thunderbird. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.12, Firefox ESR < 78.12, and Firefox < 90.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

• https://bugzilla.mozilla.org/buglist.cgi?bug_id=1700895%2C1703334%2C1706910%2C1711576%2C1714391
• https://bugzilla.mozilla.org/buglist.cgi?bug_id=1700895%2C1703334%2C1706910%2C1711576%2C1714391
• GLSA-202202-03
• GLSA-202202-03
• GLSA-202208-14
• GLSA-202208-14
• https://www.mozilla.org/security/advisories/mfsa2021-28/
• https://www.mozilla.org/security/advisories/mfsa2021-28/
• https://www.mozilla.org/security/advisories/mfsa2021-29/
• https://www.mozilla.org/security/advisories/mfsa2021-29/
• https://www.mozilla.org/security/advisories/mfsa2021-30/
• https://www.mozilla.org/security/advisories/mfsa2021-30/

Published: 2021-08-05
Modified: 2024-11-21

CVE-2021-29977

Mozilla developers reported memory safety bugs present in Firefox 89. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 90.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

• https://bugzilla.mozilla.org/buglist.cgi?bug_id=1665836%2C1686138%2C1704316%2C1706314%2C1709931%2C1712084%2C1712357%2C1714066
• https://bugzilla.mozilla.org/buglist.cgi?bug_id=1665836%2C1686138%2C1704316%2C1706314%2C1709931%2C1712084%2C1712357%2C1714066
• GLSA-202202-03
• GLSA-202202-03
• https://www.mozilla.org/security/advisories/mfsa2021-28/
• https://www.mozilla.org/security/advisories/mfsa2021-28/

Published: 2021-08-17
Modified: 2024-11-21

CVE-2021-29980

Uninitialized memory in a canvas object could have caused an incorrect free() leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1722204
• https://bugzilla.mozilla.org/show_bug.cgi?id=1722204
• GLSA-202202-03
• GLSA-202202-03
• GLSA-202208-14
• GLSA-202208-14
• https://www.mozilla.org/security/advisories/mfsa2021-33/
• https://www.mozilla.org/security/advisories/mfsa2021-33/
• https://www.mozilla.org/security/advisories/mfsa2021-34/
• https://www.mozilla.org/security/advisories/mfsa2021-34/
• https://www.mozilla.org/security/advisories/mfsa2021-35/
• https://www.mozilla.org/security/advisories/mfsa2021-35/
• https://www.mozilla.org/security/advisories/mfsa2021-36/
• https://www.mozilla.org/security/advisories/mfsa2021-36/

Published: 2021-08-17
Modified: 2024-11-21

CVE-2021-29981

An issue present in lowering/register allocation could have led to obscure but deterministic register confusion failures in JITted code that would lead to a potentially exploitable crash. This vulnerability affects Firefox < 91 and Thunderbird < 91.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1707774
• https://bugzilla.mozilla.org/show_bug.cgi?id=1707774
• GLSA-202202-03
• GLSA-202202-03
• https://www.mozilla.org/security/advisories/mfsa2021-33/
• https://www.mozilla.org/security/advisories/mfsa2021-33/
• https://www.mozilla.org/security/advisories/mfsa2021-36/
• https://www.mozilla.org/security/advisories/mfsa2021-36/

Published: 2021-08-17
Modified: 2024-11-21

CVE-2021-29982

Due to incorrect JIT optimization, we incorrectly interpreted data from the wrong type of object, resulting in the potential leak of a single bit of memory. This vulnerability affects Firefox < 91 and Thunderbird < 91.

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

References:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1715318
• https://bugzilla.mozilla.org/show_bug.cgi?id=1715318
• GLSA-202202-03
• GLSA-202202-03
• https://www.mozilla.org/security/advisories/mfsa2021-33/
• https://www.mozilla.org/security/advisories/mfsa2021-33/
• https://www.mozilla.org/security/advisories/mfsa2021-36/
• https://www.mozilla.org/security/advisories/mfsa2021-36/

Published: 2021-08-17
Modified: 2024-11-21

CVE-2021-29984

Instruction reordering resulted in a sequence of instructions that would cause an object to be incorrectly considered during garbage collection. This led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1720031
• https://bugzilla.mozilla.org/show_bug.cgi?id=1720031
• GLSA-202202-03
• GLSA-202202-03
• GLSA-202208-14
• GLSA-202208-14
• https://www.mozilla.org/security/advisories/mfsa2021-33/
• https://www.mozilla.org/security/advisories/mfsa2021-33/
• https://www.mozilla.org/security/advisories/mfsa2021-34/
• https://www.mozilla.org/security/advisories/mfsa2021-34/
• https://www.mozilla.org/security/advisories/mfsa2021-35/
• https://www.mozilla.org/security/advisories/mfsa2021-35/
• https://www.mozilla.org/security/advisories/mfsa2021-36/
• https://www.mozilla.org/security/advisories/mfsa2021-36/

Published: 2021-08-17
Modified: 2024-11-21

CVE-2021-29985

A use-after-free vulnerability in media channels could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1722083
• https://bugzilla.mozilla.org/show_bug.cgi?id=1722083
• GLSA-202202-03
• GLSA-202202-03
• GLSA-202208-14
• GLSA-202208-14
• https://www.mozilla.org/security/advisories/mfsa2021-33/
• https://www.mozilla.org/security/advisories/mfsa2021-33/
• https://www.mozilla.org/security/advisories/mfsa2021-34/
• https://www.mozilla.org/security/advisories/mfsa2021-34/
• https://www.mozilla.org/security/advisories/mfsa2021-35/
• https://www.mozilla.org/security/advisories/mfsa2021-35/
• https://www.mozilla.org/security/advisories/mfsa2021-36/
• https://www.mozilla.org/security/advisories/mfsa2021-36/

Published: 2021-08-17
Modified: 2024-11-21

CVE-2021-29988

Firefox incorrectly treated an inline list-item element as a block element, resulting in an out of bounds read or memory corruption, and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1717922
• https://bugzilla.mozilla.org/show_bug.cgi?id=1717922
• GLSA-202202-03
• GLSA-202202-03
• GLSA-202208-14
• GLSA-202208-14
• https://www.mozilla.org/security/advisories/mfsa2021-33/
• https://www.mozilla.org/security/advisories/mfsa2021-33/
• https://www.mozilla.org/security/advisories/mfsa2021-34/
• https://www.mozilla.org/security/advisories/mfsa2021-34/
• https://www.mozilla.org/security/advisories/mfsa2021-35/
• https://www.mozilla.org/security/advisories/mfsa2021-35/
• https://www.mozilla.org/security/advisories/mfsa2021-36/
• https://www.mozilla.org/security/advisories/mfsa2021-36/

Published: 2021-08-17
Modified: 2024-11-21

CVE-2021-29989

Mozilla developers reported memory safety bugs present in Firefox 90 and Firefox ESR 78.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.13, Firefox ESR < 78.13, and Firefox < 91.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

• https://bugzilla.mozilla.org/buglist.cgi?bug_id=1662676%2C1666184%2C1719178%2C1719998%2C1720568
• https://bugzilla.mozilla.org/buglist.cgi?bug_id=1662676%2C1666184%2C1719178%2C1719998%2C1720568
• GLSA-202202-03
• GLSA-202202-03
• GLSA-202208-14
• GLSA-202208-14
• https://www.mozilla.org/security/advisories/mfsa2021-33/
• https://www.mozilla.org/security/advisories/mfsa2021-33/
• https://www.mozilla.org/security/advisories/mfsa2021-34/
• https://www.mozilla.org/security/advisories/mfsa2021-34/
• https://www.mozilla.org/security/advisories/mfsa2021-35/
• https://www.mozilla.org/security/advisories/mfsa2021-35/

Published: 2021-08-17
Modified: 2024-11-21

CVE-2021-29990

Mozilla developers and community members reported memory safety bugs present in Firefox 90. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 91.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

• https://bugzilla.mozilla.org/buglist.cgi?bug_id=1544190%2C1716481%2C1717778%2C1719319%2C1722073
• https://bugzilla.mozilla.org/buglist.cgi?bug_id=1544190%2C1716481%2C1717778%2C1719319%2C1722073
• GLSA-202202-03
• GLSA-202202-03
• https://www.mozilla.org/security/advisories/mfsa2021-33/
• https://www.mozilla.org/security/advisories/mfsa2021-33/

Published: 2021-11-03
Modified: 2024-11-21

CVE-2021-29991

Firefox incorrectly accepted a newline in a HTTP/3 header, interpretting it as two separate headers. This allowed for a header splitting attack against servers using HTTP/3. This vulnerability affects Firefox < 91.0.1 and Thunderbird < 91.0.1.

Severity: HIGH (8.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

References:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1724896
• https://bugzilla.mozilla.org/show_bug.cgi?id=1724896
• https://www.mozilla.org/security/advisories/mfsa2021-37/
• https://www.mozilla.org/security/advisories/mfsa2021-37/

Published: 2021-11-03
Modified: 2024-11-21

CVE-2021-38495

Mozilla developers reported memory safety bugs present in Thunderbird 78.13.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 91.1 and Firefox ESR < 91.1.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

• https://bugzilla.mozilla.org/buglist.cgi?bug_id=1723391%2C1723920%2C1724101%2C1724107
• https://bugzilla.mozilla.org/buglist.cgi?bug_id=1723391%2C1723920%2C1724101%2C1724107
• GLSA-202202-03
• GLSA-202202-03
• GLSA-202208-14
• GLSA-202208-14
• https://www.mozilla.org/security/advisories/mfsa2021-40/
• https://www.mozilla.org/security/advisories/mfsa2021-40/
• https://www.mozilla.org/security/advisories/mfsa2021-41/
• https://www.mozilla.org/security/advisories/mfsa2021-41/

Published: 2021-12-09
Modified: 2024-11-21

CVE-2021-38503

The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.

Severity: CRITICAL (10.0) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

References:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1729517
• https://bugzilla.mozilla.org/show_bug.cgi?id=1729517
• [debian-lts-announce] 20211229 [SECURITY] [DLA 2863-1] firefox-esr security update
• [debian-lts-announce] 20211229 [SECURITY] [DLA 2863-1] firefox-esr security update
• [debian-lts-announce] 20220104 [SECURITY] [DLA 2874-1] thunderbird security update
• [debian-lts-announce] 20220104 [SECURITY] [DLA 2874-1] thunderbird security update
• GLSA-202202-03
• GLSA-202202-03
• GLSA-202208-14
• GLSA-202208-14
• DSA-5026
• DSA-5026
• DSA-5034
• DSA-5034
• https://www.mozilla.org/security/advisories/mfsa2021-48/
• https://www.mozilla.org/security/advisories/mfsa2021-48/
• https://www.mozilla.org/security/advisories/mfsa2021-49/
• https://www.mozilla.org/security/advisories/mfsa2021-49/
• https://www.mozilla.org/security/advisories/mfsa2021-50/
• https://www.mozilla.org/security/advisories/mfsa2021-50/

Published: 2021-12-09
Modified: 2024-11-21

CVE-2021-38504

When interacting with an HTML input element's file picker dialog with webkitdirectory set, a use-after-free could have resulted, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1730156
• https://bugzilla.mozilla.org/show_bug.cgi?id=1730156
• [debian-lts-announce] 20211229 [SECURITY] [DLA 2863-1] firefox-esr security update
• [debian-lts-announce] 20211229 [SECURITY] [DLA 2863-1] firefox-esr security update
• [debian-lts-announce] 20220104 [SECURITY] [DLA 2874-1] thunderbird security update
• [debian-lts-announce] 20220104 [SECURITY] [DLA 2874-1] thunderbird security update
• GLSA-202202-03
• GLSA-202202-03
• GLSA-202208-14
• GLSA-202208-14
• DSA-5026
• DSA-5026
• DSA-5034
• DSA-5034
• https://www.mozilla.org/security/advisories/mfsa2021-48/
• https://www.mozilla.org/security/advisories/mfsa2021-48/
• https://www.mozilla.org/security/advisories/mfsa2021-49/
• https://www.mozilla.org/security/advisories/mfsa2021-49/
• https://www.mozilla.org/security/advisories/mfsa2021-50/
• https://www.mozilla.org/security/advisories/mfsa2021-50/

Published: 2021-12-09
Modified: 2024-11-21

CVE-2021-38505

Microsoft introduced a new feature in Windows 10 known as Cloud Clipboard which, if enabled, will record data copied to the clipboard to the cloud, and make it available on other computers in certain scenarios. Applications that wish to prevent copied data from being recorded in Cloud History must use specific clipboard formats; and Firefox before versions 94 and ESR 91.3 did not implement them. This could have caused sensitive data to be recorded to a user's Microsoft account. *This bug only affects Firefox for Windows 10+ with Cloud Clipboard enabled. Other operating systems are unaffected.*. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

References:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1730194
• https://bugzilla.mozilla.org/show_bug.cgi?id=1730194
• https://www.mozilla.org/security/advisories/mfsa2021-48/
• https://www.mozilla.org/security/advisories/mfsa2021-48/
• https://www.mozilla.org/security/advisories/mfsa2021-49/
• https://www.mozilla.org/security/advisories/mfsa2021-49/
• https://www.mozilla.org/security/advisories/mfsa2021-50/
• https://www.mozilla.org/security/advisories/mfsa2021-50/

Published: 2021-12-09
Modified: 2024-11-21

CVE-2021-38506

Through a series of navigations, Firefox could have entered fullscreen mode without notification or warning to the user. This could lead to spoofing attacks on the browser UI including phishing. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.

Severity: MEDIUM (4.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1730750
• https://bugzilla.mozilla.org/show_bug.cgi?id=1730750
• [debian-lts-announce] 20211229 [SECURITY] [DLA 2863-1] firefox-esr security update
• [debian-lts-announce] 20211229 [SECURITY] [DLA 2863-1] firefox-esr security update
• [debian-lts-announce] 20220104 [SECURITY] [DLA 2874-1] thunderbird security update
• [debian-lts-announce] 20220104 [SECURITY] [DLA 2874-1] thunderbird security update
• GLSA-202202-03
• GLSA-202202-03
• GLSA-202208-14
• GLSA-202208-14
• DSA-5026
• DSA-5026
• DSA-5034
• DSA-5034
• https://www.mozilla.org/security/advisories/mfsa2021-48/
• https://www.mozilla.org/security/advisories/mfsa2021-48/
• https://www.mozilla.org/security/advisories/mfsa2021-49/
• https://www.mozilla.org/security/advisories/mfsa2021-49/
• https://www.mozilla.org/security/advisories/mfsa2021-50/
• https://www.mozilla.org/security/advisories/mfsa2021-50/

Published: 2021-12-09
Modified: 2024-11-21

CVE-2021-38507

The Opportunistic Encryption feature of HTTP2 (RFC 8164) allows a connection to be transparently upgraded to TLS while retaining the visual properties of an HTTP connection, including being same-origin with unencrypted connections on port 80. However, if a second encrypted port on the same IP address (e.g. port 8443) did not opt-in to opportunistic encryption; a network attacker could forward a connection from the browser to port 443 to port 8443, causing the browser to treat the content of port 8443 as same-origin with HTTP. This was resolved by disabling the Opportunistic Encryption feature, which had low usage. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

References:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1730935
• https://bugzilla.mozilla.org/show_bug.cgi?id=1730935
• [debian-lts-announce] 20211229 [SECURITY] [DLA 2863-1] firefox-esr security update
• [debian-lts-announce] 20211229 [SECURITY] [DLA 2863-1] firefox-esr security update
• [debian-lts-announce] 20220104 [SECURITY] [DLA 2874-1] thunderbird security update
• [debian-lts-announce] 20220104 [SECURITY] [DLA 2874-1] thunderbird security update
• GLSA-202202-03
• GLSA-202202-03
• GLSA-202208-14
• GLSA-202208-14
• DSA-5026
• DSA-5026
• DSA-5034
• DSA-5034
• https://www.mozilla.org/security/advisories/mfsa2021-48/
• https://www.mozilla.org/security/advisories/mfsa2021-48/
• https://www.mozilla.org/security/advisories/mfsa2021-49/
• https://www.mozilla.org/security/advisories/mfsa2021-49/
• https://www.mozilla.org/security/advisories/mfsa2021-50/
• https://www.mozilla.org/security/advisories/mfsa2021-50/

Published: 2021-12-09
Modified: 2024-11-21

CVE-2021-38508

By displaying a form validity message in the correct location at the same time as a permission prompt (such as for geolocation), the validity message could have obscured the prompt, resulting in the user potentially being tricked into granting the permission. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.

Severity: MEDIUM (4.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1366818
• https://bugzilla.mozilla.org/show_bug.cgi?id=1366818
• [debian-lts-announce] 20211229 [SECURITY] [DLA 2863-1] firefox-esr security update
• [debian-lts-announce] 20211229 [SECURITY] [DLA 2863-1] firefox-esr security update
• [debian-lts-announce] 20220104 [SECURITY] [DLA 2874-1] thunderbird security update
• [debian-lts-announce] 20220104 [SECURITY] [DLA 2874-1] thunderbird security update
• GLSA-202202-03
• GLSA-202202-03
• GLSA-202208-14
• GLSA-202208-14
• DSA-5026
• DSA-5026
• DSA-5034
• DSA-5034
• https://www.mozilla.org/security/advisories/mfsa2021-48/
• https://www.mozilla.org/security/advisories/mfsa2021-48/
• https://www.mozilla.org/security/advisories/mfsa2021-49/
• https://www.mozilla.org/security/advisories/mfsa2021-49/
• https://www.mozilla.org/security/advisories/mfsa2021-50/
• https://www.mozilla.org/security/advisories/mfsa2021-50/

Published: 2021-12-09
Modified: 2024-11-21

CVE-2021-38509

Due to an unusual sequence of attacker-controlled events, a Javascript alert() dialog with arbitrary (although unstyled) contents could be displayed over top an uncontrolled webpage of the attacker's choosing. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.

Severity: MEDIUM (4.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1718571
• https://bugzilla.mozilla.org/show_bug.cgi?id=1718571
• [debian-lts-announce] 20211229 [SECURITY] [DLA 2863-1] firefox-esr security update
• [debian-lts-announce] 20211229 [SECURITY] [DLA 2863-1] firefox-esr security update
• [debian-lts-announce] 20220104 [SECURITY] [DLA 2874-1] thunderbird security update
• [debian-lts-announce] 20220104 [SECURITY] [DLA 2874-1] thunderbird security update
• GLSA-202202-03
• GLSA-202202-03
• GLSA-202208-14
• GLSA-202208-14
• DSA-5026
• DSA-5026
• DSA-5034
• DSA-5034
• https://www.mozilla.org/security/advisories/mfsa2021-48/
• https://www.mozilla.org/security/advisories/mfsa2021-48/
• https://www.mozilla.org/security/advisories/mfsa2021-49/
• https://www.mozilla.org/security/advisories/mfsa2021-49/
• https://www.mozilla.org/security/advisories/mfsa2021-50/
• https://www.mozilla.org/security/advisories/mfsa2021-50/

Published: 2021-12-09
Modified: 2024-11-21

CVE-2021-38510

The executable file warning was not presented when downloading .inetloc files, which, due to a flaw in Mac OS, can run commands on a user's computer.*Note: This issue only affected Mac OS operating systems. Other operating systems are unaffected.*. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1731779
• https://bugzilla.mozilla.org/show_bug.cgi?id=1731779
• https://www.mozilla.org/security/advisories/mfsa2021-48/
• https://www.mozilla.org/security/advisories/mfsa2021-48/
• https://www.mozilla.org/security/advisories/mfsa2021-49/
• https://www.mozilla.org/security/advisories/mfsa2021-49/
• https://www.mozilla.org/security/advisories/mfsa2021-50/
• https://www.mozilla.org/security/advisories/mfsa2021-50/

Published: 2022-12-22
Modified: 2024-11-21

CVE-2021-4140

It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.

Severity: CRITICAL (10.0) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

References:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1746720
• https://bugzilla.mozilla.org/show_bug.cgi?id=1746720
• https://www.mozilla.org/security/advisories/mfsa2022-01/
• https://www.mozilla.org/security/advisories/mfsa2022-01/
• https://www.mozilla.org/security/advisories/mfsa2022-02/
• https://www.mozilla.org/security/advisories/mfsa2022-02/
• https://www.mozilla.org/security/advisories/mfsa2022-03/
• https://www.mozilla.org/security/advisories/mfsa2022-03/

Published: 2021-12-09
Modified: 2024-11-21

CVE-2021-43536

Under certain circumstances, asynchronous functions could have caused a navigation to fail but expose the target URL. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

References:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1730120
• https://bugzilla.mozilla.org/show_bug.cgi?id=1730120
• [debian-lts-announce] 20211229 [SECURITY] [DLA 2863-1] firefox-esr security update
• [debian-lts-announce] 20211229 [SECURITY] [DLA 2863-1] firefox-esr security update
• [debian-lts-announce] 20220104 [SECURITY] [DLA 2874-1] thunderbird security update
• [debian-lts-announce] 20220104 [SECURITY] [DLA 2874-1] thunderbird security update
• GLSA-202202-03
• GLSA-202202-03
• GLSA-202208-14
• GLSA-202208-14
• DSA-5026
• DSA-5026
• DSA-5034
• DSA-5034
• https://www.mozilla.org/security/advisories/mfsa2021-52/
• https://www.mozilla.org/security/advisories/mfsa2021-52/
• https://www.mozilla.org/security/advisories/mfsa2021-53/
• https://www.mozilla.org/security/advisories/mfsa2021-53/
• https://www.mozilla.org/security/advisories/mfsa2021-54/
• https://www.mozilla.org/security/advisories/mfsa2021-54/

Published: 2021-12-09
Modified: 2024-11-21

CVE-2021-43537

An incorrect type conversion of sizes from 64bit to 32bit integers allowed an attacker to corrupt memory leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1738237
• https://bugzilla.mozilla.org/show_bug.cgi?id=1738237
• [debian-lts-announce] 20211229 [SECURITY] [DLA 2863-1] firefox-esr security update
• [debian-lts-announce] 20211229 [SECURITY] [DLA 2863-1] firefox-esr security update
• [debian-lts-announce] 20220104 [SECURITY] [DLA 2874-1] thunderbird security update
• [debian-lts-announce] 20220104 [SECURITY] [DLA 2874-1] thunderbird security update
• GLSA-202202-03
• GLSA-202202-03
• GLSA-202208-14
• GLSA-202208-14
• DSA-5026
• DSA-5026
• DSA-5034
• DSA-5034
• https://www.mozilla.org/security/advisories/mfsa2021-52/
• https://www.mozilla.org/security/advisories/mfsa2021-52/
• https://www.mozilla.org/security/advisories/mfsa2021-53/
• https://www.mozilla.org/security/advisories/mfsa2021-53/
• https://www.mozilla.org/security/advisories/mfsa2021-54/
• https://www.mozilla.org/security/advisories/mfsa2021-54/

Published: 2021-12-09
Modified: 2024-11-21

CVE-2021-43538

By misusing a race in our notification code, an attacker could have forcefully hidden the notification for pages that had received full screen and pointer lock access, which could have been used for spoofing attacks. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.

Severity: MEDIUM (4.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1739091
• https://bugzilla.mozilla.org/show_bug.cgi?id=1739091
• [debian-lts-announce] 20211229 [SECURITY] [DLA 2863-1] firefox-esr security update
• [debian-lts-announce] 20211229 [SECURITY] [DLA 2863-1] firefox-esr security update
• [debian-lts-announce] 20220104 [SECURITY] [DLA 2874-1] thunderbird security update
• [debian-lts-announce] 20220104 [SECURITY] [DLA 2874-1] thunderbird security update
• GLSA-202202-03
• GLSA-202202-03
• GLSA-202208-14
• GLSA-202208-14
• DSA-5026
• DSA-5026
• DSA-5034
• DSA-5034
• https://www.mozilla.org/security/advisories/mfsa2021-52/
• https://www.mozilla.org/security/advisories/mfsa2021-52/
• https://www.mozilla.org/security/advisories/mfsa2021-53/
• https://www.mozilla.org/security/advisories/mfsa2021-53/
• https://www.mozilla.org/security/advisories/mfsa2021-54/
• https://www.mozilla.org/security/advisories/mfsa2021-54/

Published: 2021-12-09
Modified: 2024-11-21

CVE-2021-43539

Failure to correctly record the location of live pointers across wasm instance calls resulted in a GC occurring within the call not tracing those live pointers. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1739683
• https://bugzilla.mozilla.org/show_bug.cgi?id=1739683
• [debian-lts-announce] 20211229 [SECURITY] [DLA 2863-1] firefox-esr security update
• [debian-lts-announce] 20211229 [SECURITY] [DLA 2863-1] firefox-esr security update
• [debian-lts-announce] 20220104 [SECURITY] [DLA 2874-1] thunderbird security update
• [debian-lts-announce] 20220104 [SECURITY] [DLA 2874-1] thunderbird security update
• GLSA-202202-03
• GLSA-202202-03
• GLSA-202208-14
• GLSA-202208-14
• DSA-5026
• DSA-5026
• DSA-5034
• DSA-5034
• https://www.mozilla.org/security/advisories/mfsa2021-52/
• https://www.mozilla.org/security/advisories/mfsa2021-52/
• https://www.mozilla.org/security/advisories/mfsa2021-53/
• https://www.mozilla.org/security/advisories/mfsa2021-53/
• https://www.mozilla.org/security/advisories/mfsa2021-54/
• https://www.mozilla.org/security/advisories/mfsa2021-54/

Published: 2021-12-09
Modified: 2024-11-21

CVE-2021-43541

When invoking protocol handlers for external protocols, a supplied parameter URL containing spaces was not properly escaped. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

References:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1696685
• https://bugzilla.mozilla.org/show_bug.cgi?id=1696685
• [debian-lts-announce] 20211229 [SECURITY] [DLA 2863-1] firefox-esr security update
• [debian-lts-announce] 20211229 [SECURITY] [DLA 2863-1] firefox-esr security update
• [debian-lts-announce] 20220104 [SECURITY] [DLA 2874-1] thunderbird security update
• [debian-lts-announce] 20220104 [SECURITY] [DLA 2874-1] thunderbird security update
• GLSA-202202-03
• GLSA-202202-03
• GLSA-202208-14
• GLSA-202208-14
• DSA-5026
• DSA-5026
• DSA-5034
• DSA-5034
• https://www.mozilla.org/security/advisories/mfsa2021-52/
• https://www.mozilla.org/security/advisories/mfsa2021-52/
• https://www.mozilla.org/security/advisories/mfsa2021-53/
• https://www.mozilla.org/security/advisories/mfsa2021-53/
• https://www.mozilla.org/security/advisories/mfsa2021-54/
• https://www.mozilla.org/security/advisories/mfsa2021-54/

Published: 2021-12-09
Modified: 2024-11-21

CVE-2021-43542

Using XMLHttpRequest, an attacker could have identified installed applications by probing error messages for loading external protocols. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

References:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1723281
• https://bugzilla.mozilla.org/show_bug.cgi?id=1723281
• [debian-lts-announce] 20211229 [SECURITY] [DLA 2863-1] firefox-esr security update
• [debian-lts-announce] 20211229 [SECURITY] [DLA 2863-1] firefox-esr security update
• [debian-lts-announce] 20220104 [SECURITY] [DLA 2874-1] thunderbird security update
• [debian-lts-announce] 20220104 [SECURITY] [DLA 2874-1] thunderbird security update
• GLSA-202202-03
• GLSA-202202-03
• GLSA-202208-14
• GLSA-202208-14
• DSA-5026
• DSA-5026
• DSA-5034
• DSA-5034
• https://www.mozilla.org/security/advisories/mfsa2021-52/
• https://www.mozilla.org/security/advisories/mfsa2021-52/
• https://www.mozilla.org/security/advisories/mfsa2021-53/
• https://www.mozilla.org/security/advisories/mfsa2021-53/
• https://www.mozilla.org/security/advisories/mfsa2021-54/
• https://www.mozilla.org/security/advisories/mfsa2021-54/

Published: 2021-12-09
Modified: 2024-11-21

CVE-2021-43543

Documents loaded with the CSP sandbox directive could have escaped the sandbox's script restriction by embedding additional content. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.

Severity: MEDIUM (6.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1738418
• https://bugzilla.mozilla.org/show_bug.cgi?id=1738418
• [debian-lts-announce] 20211229 [SECURITY] [DLA 2863-1] firefox-esr security update
• [debian-lts-announce] 20211229 [SECURITY] [DLA 2863-1] firefox-esr security update
• [debian-lts-announce] 20220104 [SECURITY] [DLA 2874-1] thunderbird security update
• [debian-lts-announce] 20220104 [SECURITY] [DLA 2874-1] thunderbird security update
• GLSA-202202-03
• GLSA-202202-03
• GLSA-202208-14
• GLSA-202208-14
• DSA-5026
• DSA-5026
• DSA-5034
• DSA-5034
• https://www.mozilla.org/security/advisories/mfsa2021-52/
• https://www.mozilla.org/security/advisories/mfsa2021-52/
• https://www.mozilla.org/security/advisories/mfsa2021-53/
• https://www.mozilla.org/security/advisories/mfsa2021-53/
• https://www.mozilla.org/security/advisories/mfsa2021-54/
• https://www.mozilla.org/security/advisories/mfsa2021-54/

Published: 2021-12-09
Modified: 2024-11-21

CVE-2021-43545

Using the Location API in a loop could have caused severe application hangs and crashes. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1720926
• https://bugzilla.mozilla.org/show_bug.cgi?id=1720926
• [debian-lts-announce] 20211229 [SECURITY] [DLA 2863-1] firefox-esr security update
• [debian-lts-announce] 20211229 [SECURITY] [DLA 2863-1] firefox-esr security update
• [debian-lts-announce] 20220104 [SECURITY] [DLA 2874-1] thunderbird security update
• [debian-lts-announce] 20220104 [SECURITY] [DLA 2874-1] thunderbird security update
• GLSA-202202-03
• GLSA-202202-03
• GLSA-202208-14
• GLSA-202208-14
• DSA-5026
• DSA-5026
• DSA-5034
• DSA-5034
• https://www.mozilla.org/security/advisories/mfsa2021-52/
• https://www.mozilla.org/security/advisories/mfsa2021-52/
• https://www.mozilla.org/security/advisories/mfsa2021-53/
• https://www.mozilla.org/security/advisories/mfsa2021-53/
• https://www.mozilla.org/security/advisories/mfsa2021-54/
• https://www.mozilla.org/security/advisories/mfsa2021-54/

Published: 2021-12-09
Modified: 2024-11-21

CVE-2021-43546

It was possible to recreate previous cursor spoofing attacks against users with a zoomed native cursor. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.

Severity: MEDIUM (4.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1737751
• https://bugzilla.mozilla.org/show_bug.cgi?id=1737751
• [debian-lts-announce] 20211229 [SECURITY] [DLA 2863-1] firefox-esr security update
• [debian-lts-announce] 20211229 [SECURITY] [DLA 2863-1] firefox-esr security update
• [debian-lts-announce] 20220104 [SECURITY] [DLA 2874-1] thunderbird security update
• [debian-lts-announce] 20220104 [SECURITY] [DLA 2874-1] thunderbird security update
• GLSA-202202-03
• GLSA-202202-03
• GLSA-202208-14
• GLSA-202208-14
• DSA-5026
• DSA-5026
• DSA-5034
• DSA-5034
• https://www.mozilla.org/security/advisories/mfsa2021-52/
• https://www.mozilla.org/security/advisories/mfsa2021-52/
• https://www.mozilla.org/security/advisories/mfsa2021-53/
• https://www.mozilla.org/security/advisories/mfsa2021-53/
• https://www.mozilla.org/security/advisories/mfsa2021-54/
• https://www.mozilla.org/security/advisories/mfsa2021-54/

Published: 2022-12-22
Modified: 2024-11-21

CVE-2022-22737

Constructing audio sinks could have lead to a race condition when playing audio files and closing windows. This could have lead to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1745874
• https://bugzilla.mozilla.org/show_bug.cgi?id=1745874
• https://www.mozilla.org/security/advisories/mfsa2022-01/
• https://www.mozilla.org/security/advisories/mfsa2022-01/
• https://www.mozilla.org/security/advisories/mfsa2022-02/
• https://www.mozilla.org/security/advisories/mfsa2022-02/
• https://www.mozilla.org/security/advisories/mfsa2022-03/
• https://www.mozilla.org/security/advisories/mfsa2022-03/

Published: 2022-12-22
Modified: 2024-11-21

CVE-2022-22738

Applying a CSS filter effect could have accessed out of bounds memory. This could have lead to a heap-buffer-overflow causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1742382
• https://bugzilla.mozilla.org/show_bug.cgi?id=1742382
• https://www.mozilla.org/security/advisories/mfsa2022-01/
• https://www.mozilla.org/security/advisories/mfsa2022-01/
• https://www.mozilla.org/security/advisories/mfsa2022-02/
• https://www.mozilla.org/security/advisories/mfsa2022-02/
• https://www.mozilla.org/security/advisories/mfsa2022-03/
• https://www.mozilla.org/security/advisories/mfsa2022-03/

Published: 2022-12-22
Modified: 2024-11-21

CVE-2022-22739

Malicious websites could have tricked users into accepting launching a program to handle an external URL protocol. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

References:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1744158
• https://bugzilla.mozilla.org/show_bug.cgi?id=1744158
• https://www.mozilla.org/security/advisories/mfsa2022-01/
• https://www.mozilla.org/security/advisories/mfsa2022-01/
• https://www.mozilla.org/security/advisories/mfsa2022-02/
• https://www.mozilla.org/security/advisories/mfsa2022-02/
• https://www.mozilla.org/security/advisories/mfsa2022-03/
• https://www.mozilla.org/security/advisories/mfsa2022-03/

Published: 2022-12-22
Modified: 2024-11-21

CVE-2022-22740

Certain network request objects were freed too early when releasing a network request handle. This could have lead to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1742334
• https://bugzilla.mozilla.org/show_bug.cgi?id=1742334
• https://www.mozilla.org/security/advisories/mfsa2022-01/
• https://www.mozilla.org/security/advisories/mfsa2022-01/
• https://www.mozilla.org/security/advisories/mfsa2022-02/
• https://www.mozilla.org/security/advisories/mfsa2022-02/
• https://www.mozilla.org/security/advisories/mfsa2022-03/
• https://www.mozilla.org/security/advisories/mfsa2022-03/

Published: 2022-12-22
Modified: 2024-11-21

CVE-2022-22741

When resizing a popup while requesting fullscreen access, the popup would have become unable to leave fullscreen mode. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

References:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1740389
• https://bugzilla.mozilla.org/show_bug.cgi?id=1740389
• https://www.mozilla.org/security/advisories/mfsa2022-01/
• https://www.mozilla.org/security/advisories/mfsa2022-01/
• https://www.mozilla.org/security/advisories/mfsa2022-02/
• https://www.mozilla.org/security/advisories/mfsa2022-02/
• https://www.mozilla.org/security/advisories/mfsa2022-03/
• https://www.mozilla.org/security/advisories/mfsa2022-03/

Published: 2022-12-22
Modified: 2024-11-21

CVE-2022-22742

When inserting text while in edit mode, some characters might have lead to out-of-bounds memory access causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1739923
• https://bugzilla.mozilla.org/show_bug.cgi?id=1739923
• https://www.mozilla.org/security/advisories/mfsa2022-01/
• https://www.mozilla.org/security/advisories/mfsa2022-01/
• https://www.mozilla.org/security/advisories/mfsa2022-02/
• https://www.mozilla.org/security/advisories/mfsa2022-02/
• https://www.mozilla.org/security/advisories/mfsa2022-03/
• https://www.mozilla.org/security/advisories/mfsa2022-03/

Published: 2022-12-22
Modified: 2024-11-21

CVE-2022-22743

When navigating from inside an iframe while requesting fullscreen access, an attacker-controlled tab could have made the browser unable to leave fullscreen mode. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.

Severity: MEDIUM (4.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1739220
• https://bugzilla.mozilla.org/show_bug.cgi?id=1739220
• https://www.mozilla.org/security/advisories/mfsa2022-01/
• https://www.mozilla.org/security/advisories/mfsa2022-01/
• https://www.mozilla.org/security/advisories/mfsa2022-02/
• https://www.mozilla.org/security/advisories/mfsa2022-02/
• https://www.mozilla.org/security/advisories/mfsa2022-03/
• https://www.mozilla.org/security/advisories/mfsa2022-03/

Published: 2022-12-22
Modified: 2024-11-21

CVE-2022-22744

The constructed curl command from the "Copy as curl" feature in DevTools was not properly escaped for PowerShell. This could have lead to command injection if pasted into a Powershell prompt.
*This bug only affects Thunderbird for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1737252
• https://bugzilla.mozilla.org/show_bug.cgi?id=1737252
• https://www.mozilla.org/security/advisories/mfsa2022-01/
• https://www.mozilla.org/security/advisories/mfsa2022-01/
• https://www.mozilla.org/security/advisories/mfsa2022-02/
• https://www.mozilla.org/security/advisories/mfsa2022-02/
• https://www.mozilla.org/security/advisories/mfsa2022-03/
• https://www.mozilla.org/security/advisories/mfsa2022-03/

Published: 2022-12-22
Modified: 2024-11-21

CVE-2022-22745

Securitypolicyviolation events could have leaked cross-origin information for frame-ancestors violations. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

References:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1735856
• https://bugzilla.mozilla.org/show_bug.cgi?id=1735856
• https://www.mozilla.org/security/advisories/mfsa2022-01/
• https://www.mozilla.org/security/advisories/mfsa2022-01/
• https://www.mozilla.org/security/advisories/mfsa2022-02/
• https://www.mozilla.org/security/advisories/mfsa2022-02/
• https://www.mozilla.org/security/advisories/mfsa2022-03/
• https://www.mozilla.org/security/advisories/mfsa2022-03/

Published: 2022-12-22
Modified: 2024-11-21

CVE-2022-22746

A race condition could have allowed bypassing the fullscreen notification which could have lead to a fullscreen window spoof being unnoticed.
*This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.

Severity: MEDIUM (5.9) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

References:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1735071
• https://bugzilla.mozilla.org/show_bug.cgi?id=1735071
• https://www.mozilla.org/security/advisories/mfsa2022-01/
• https://www.mozilla.org/security/advisories/mfsa2022-01/
• https://www.mozilla.org/security/advisories/mfsa2022-02/
• https://www.mozilla.org/security/advisories/mfsa2022-02/
• https://www.mozilla.org/security/advisories/mfsa2022-03/
• https://www.mozilla.org/security/advisories/mfsa2022-03/

Published: 2022-12-22
Modified: 2024-11-21

CVE-2022-22747

After accepting an untrusted certificate, handling an empty pkcs7 sequence as part of the certificate data could have lead to a crash. This crash is believed to be unexploitable. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1735028
• https://bugzilla.mozilla.org/show_bug.cgi?id=1735028
• https://www.mozilla.org/security/advisories/mfsa2022-01/
• https://www.mozilla.org/security/advisories/mfsa2022-01/
• https://www.mozilla.org/security/advisories/mfsa2022-02/
• https://www.mozilla.org/security/advisories/mfsa2022-02/
• https://www.mozilla.org/security/advisories/mfsa2022-03/
• https://www.mozilla.org/security/advisories/mfsa2022-03/

Published: 2022-12-22
Modified: 2024-11-21

CVE-2022-22748

Malicious websites could have confused Firefox into showing the wrong origin when asking to launch a program and handling an external URL protocol. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

References:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1705211
• https://bugzilla.mozilla.org/show_bug.cgi?id=1705211
• https://www.mozilla.org/security/advisories/mfsa2022-01/
• https://www.mozilla.org/security/advisories/mfsa2022-01/
• https://www.mozilla.org/security/advisories/mfsa2022-02/
• https://www.mozilla.org/security/advisories/mfsa2022-02/
• https://www.mozilla.org/security/advisories/mfsa2022-03/
• https://www.mozilla.org/security/advisories/mfsa2022-03/

Published: 2022-12-22
Modified: 2024-11-21

CVE-2022-22751

Mozilla developers Calixte Denizet, Kershaw Chang, Christian Holler, Jason Kratzer, Gabriele Svelto, Tyson Smith, Simon Giesecke, and Steve Fink reported memory safety bugs present in Firefox 95 and Firefox ESR 91.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

• https://bugzilla.mozilla.org/buglist.cgi?bug_id=1664149%2C1737816%2C1739366%2C1740274%2C1740797%2C1741201%2C1741869%2C1743221%2C1743515%2C1745373%2C1746011
• https://bugzilla.mozilla.org/buglist.cgi?bug_id=1664149%2C1737816%2C1739366%2C1740274%2C1740797%2C1741201%2C1741869%2C1743221%2C1743515%2C1745373%2C1746011
• https://www.mozilla.org/security/advisories/mfsa2022-01/
• https://www.mozilla.org/security/advisories/mfsa2022-01/
• https://www.mozilla.org/security/advisories/mfsa2022-02/
• https://www.mozilla.org/security/advisories/mfsa2022-02/
• https://www.mozilla.org/security/advisories/mfsa2022-03/
• https://www.mozilla.org/security/advisories/mfsa2022-03/

Published: 2022-12-22
Modified: 2024-11-21

CVE-2022-22753

A Time-of-Check Time-of-Use bug existed in the Maintenance (Updater) Service that could be abused to grant Users write access to an arbitrary directory. This could have been used to escalate to SYSTEM access.
*This bug only affects Firefox on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6.

Severity: HIGH (7.1) Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

References:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1732435
• https://bugzilla.mozilla.org/show_bug.cgi?id=1732435
• https://www.mozilla.org/security/advisories/mfsa2022-04/
• https://www.mozilla.org/security/advisories/mfsa2022-04/
• https://www.mozilla.org/security/advisories/mfsa2022-05/
• https://www.mozilla.org/security/advisories/mfsa2022-05/
• https://www.mozilla.org/security/advisories/mfsa2022-06/
• https://www.mozilla.org/security/advisories/mfsa2022-06/

Published: 2022-12-22
Modified: 2024-11-21

CVE-2022-22754

If a user installed an extension of a particular type, the extension could have auto-updated itself and while doing so, bypass the prompt which grants the new version the new requested permissions. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6.

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

References:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1750565
• https://bugzilla.mozilla.org/show_bug.cgi?id=1750565
• https://www.mozilla.org/security/advisories/mfsa2022-04/
• https://www.mozilla.org/security/advisories/mfsa2022-04/
• https://www.mozilla.org/security/advisories/mfsa2022-05/
• https://www.mozilla.org/security/advisories/mfsa2022-05/
• https://www.mozilla.org/security/advisories/mfsa2022-06/
• https://www.mozilla.org/security/advisories/mfsa2022-06/

Published: 2022-12-22
Modified: 2024-11-21

CVE-2022-22756

If a user was convinced to drag and drop an image to their desktop or other folder, the resulting object could have been changed into an executable script which would have run arbitrary code after the user clicked on it. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1317873
• https://bugzilla.mozilla.org/show_bug.cgi?id=1317873
• https://www.mozilla.org/security/advisories/mfsa2022-04/
• https://www.mozilla.org/security/advisories/mfsa2022-04/
• https://www.mozilla.org/security/advisories/mfsa2022-05/
• https://www.mozilla.org/security/advisories/mfsa2022-05/
• https://www.mozilla.org/security/advisories/mfsa2022-06/
• https://www.mozilla.org/security/advisories/mfsa2022-06/

Published: 2022-12-22
Modified: 2024-11-21

CVE-2022-22759

If a document created a sandboxed iframe without allow-scripts, and subsequently appended an element to the iframe's document that e.g. had a JavaScript event handler - the event handler would have run despite the iframe's sandbox. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6.

Severity: CRITICAL (9.6) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

References:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1739957
• https://bugzilla.mozilla.org/show_bug.cgi?id=1739957
• https://www.mozilla.org/security/advisories/mfsa2022-04/
• https://www.mozilla.org/security/advisories/mfsa2022-04/
• https://www.mozilla.org/security/advisories/mfsa2022-05/
• https://www.mozilla.org/security/advisories/mfsa2022-05/
• https://www.mozilla.org/security/advisories/mfsa2022-06/
• https://www.mozilla.org/security/advisories/mfsa2022-06/

Published: 2022-12-22
Modified: 2024-11-21

CVE-2022-22760

When importing resources using Web Workers, error messages would distinguish the difference between application/javascript responses and non-script responses. This could have been abused to learn information cross-origin. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6.

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

References:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1740985
• https://bugzilla.mozilla.org/show_bug.cgi?id=1740985
• https://bugzilla.mozilla.org/show_bug.cgi?id=1748503
• https://bugzilla.mozilla.org/show_bug.cgi?id=1748503
• https://www.mozilla.org/security/advisories/mfsa2022-04/
• https://www.mozilla.org/security/advisories/mfsa2022-04/
• https://www.mozilla.org/security/advisories/mfsa2022-05/
• https://www.mozilla.org/security/advisories/mfsa2022-05/
• https://www.mozilla.org/security/advisories/mfsa2022-06/
• https://www.mozilla.org/security/advisories/mfsa2022-06/

Published: 2022-12-22
Modified: 2024-11-21

CVE-2022-22761

Web-accessible extension pages (pages with a moz-extension:// scheme) were not correctly enforcing the frame-ancestors directive when it was used in the Web Extension's Content Security Policy. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1745566
• https://bugzilla.mozilla.org/show_bug.cgi?id=1745566
• https://www.mozilla.org/security/advisories/mfsa2022-04/
• https://www.mozilla.org/security/advisories/mfsa2022-04/
• https://www.mozilla.org/security/advisories/mfsa2022-05/
• https://www.mozilla.org/security/advisories/mfsa2022-05/
• https://www.mozilla.org/security/advisories/mfsa2022-06/
• https://www.mozilla.org/security/advisories/mfsa2022-06/

Published: 2022-12-22
Modified: 2024-11-21

CVE-2022-22763

When a worker is shutdown, it was possible to cause script to run late in the lifecycle, at a point after where it should not be possible. This vulnerability affects Firefox < 96, Thunderbird < 91.6, and Firefox ESR < 91.6.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1740534
• https://bugzilla.mozilla.org/show_bug.cgi?id=1740534
• https://www.mozilla.org/security/advisories/mfsa2022-01/
• https://www.mozilla.org/security/advisories/mfsa2022-01/
• https://www.mozilla.org/security/advisories/mfsa2022-05/
• https://www.mozilla.org/security/advisories/mfsa2022-05/
• https://www.mozilla.org/security/advisories/mfsa2022-06/
• https://www.mozilla.org/security/advisories/mfsa2022-06/

Published: 2022-12-22
Modified: 2024-11-21

CVE-2022-22764

Mozilla developers Paul Adenot and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 96 and Firefox ESR 91.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

• https://bugzilla.mozilla.org/buglist.cgi?bug_id=1742682%2C1744165%2C1746545%2C1748210%2C1748279
• https://bugzilla.mozilla.org/buglist.cgi?bug_id=1742682%2C1744165%2C1746545%2C1748210%2C1748279
• https://www.mozilla.org/security/advisories/mfsa2022-04/
• https://www.mozilla.org/security/advisories/mfsa2022-04/
• https://www.mozilla.org/security/advisories/mfsa2022-05/
• https://www.mozilla.org/security/advisories/mfsa2022-05/
• https://www.mozilla.org/security/advisories/mfsa2022-06/
• https://www.mozilla.org/security/advisories/mfsa2022-06/

Published: 2022-12-22
Modified: 2024-11-21

CVE-2022-26381

An attacker could have caused a use-after-free by forcing a text reflow in an SVG object leading to a potentially exploitable crash. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1736243
• https://bugzilla.mozilla.org/show_bug.cgi?id=1736243
• https://www.mozilla.org/security/advisories/mfsa2022-10/
• https://www.mozilla.org/security/advisories/mfsa2022-10/
• https://www.mozilla.org/security/advisories/mfsa2022-11/
• https://www.mozilla.org/security/advisories/mfsa2022-11/
• https://www.mozilla.org/security/advisories/mfsa2022-12/
• https://www.mozilla.org/security/advisories/mfsa2022-12/

Published: 2022-12-22
Modified: 2024-11-21

CVE-2022-26383

When resizing a popup after requesting fullscreen access, the popup would not display the fullscreen notification. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.

Severity: MEDIUM (4.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1742421
• https://bugzilla.mozilla.org/show_bug.cgi?id=1742421
• https://www.mozilla.org/security/advisories/mfsa2022-10/
• https://www.mozilla.org/security/advisories/mfsa2022-10/
• https://www.mozilla.org/security/advisories/mfsa2022-11/
• https://www.mozilla.org/security/advisories/mfsa2022-11/
• https://www.mozilla.org/security/advisories/mfsa2022-12/
• https://www.mozilla.org/security/advisories/mfsa2022-12/

Published: 2022-12-22
Modified: 2024-11-21

CVE-2022-26384

If an attacker could control the contents of an iframe sandboxed with allow-popups but not allow-scripts, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.

Severity: CRITICAL (9.6) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

References:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1744352
• https://bugzilla.mozilla.org/show_bug.cgi?id=1744352
• https://www.mozilla.org/security/advisories/mfsa2022-10/
• https://www.mozilla.org/security/advisories/mfsa2022-10/
• https://www.mozilla.org/security/advisories/mfsa2022-11/
• https://www.mozilla.org/security/advisories/mfsa2022-11/
• https://www.mozilla.org/security/advisories/mfsa2022-12/
• https://www.mozilla.org/security/advisories/mfsa2022-12/

Published: 2022-12-22
Modified: 2024-11-21

CVE-2022-26386

Previously Firefox for macOS and Linux would download temporary files to a user-specific directory in /tmp, but this behavior was changed to download them to /tmp where they could be affected by other local users. This behavior was reverted to the original, user-specific directory.
*This bug only affects Firefox for macOS and Linux. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 91.7 and Thunderbird < 91.7.

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

References:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1752396
• https://bugzilla.mozilla.org/show_bug.cgi?id=1752396
• https://www.mozilla.org/security/advisories/mfsa2022-11/
• https://www.mozilla.org/security/advisories/mfsa2022-11/
• https://www.mozilla.org/security/advisories/mfsa2022-12/
• https://www.mozilla.org/security/advisories/mfsa2022-12/

Published: 2022-12-22
Modified: 2024-11-21

CVE-2022-26387

When installing an add-on, Firefox verified the signature before prompting the user; but while the user was confirming the prompt, the underlying add-on file could have been modified and Firefox would not have noticed. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1752979
• https://bugzilla.mozilla.org/show_bug.cgi?id=1752979
• https://www.mozilla.org/security/advisories/mfsa2022-10/
• https://www.mozilla.org/security/advisories/mfsa2022-10/
• https://www.mozilla.org/security/advisories/mfsa2022-11/
• https://www.mozilla.org/security/advisories/mfsa2022-11/
• https://www.mozilla.org/security/advisories/mfsa2022-12/
• https://www.mozilla.org/security/advisories/mfsa2022-12/

Published: 2022-12-22
Modified: 2025-03-06

CVE-2022-26485

Removing an XSLT parameter during processing could have lead to an exploitable use-after-free. We have had reports of attacks in the wild abusing this flaw. This vulnerability affects Firefox < 97.0.2, Firefox ESR < 91.6.1, Firefox for Android < 97.3.0, Thunderbird < 91.6.2, and Focus < 97.3.0.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1758062
• https://bugzilla.mozilla.org/show_bug.cgi?id=1758062
• https://www.mozilla.org/security/advisories/mfsa2022-09/
• https://www.mozilla.org/security/advisories/mfsa2022-09/

Published: 2022-12-22
Modified: 2025-03-22

CVE-2022-26486

An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape. We have had reports of attacks in the wild abusing this flaw. This vulnerability affects Firefox < 97.0.2, Firefox ESR < 91.6.1, Firefox for Android < 97.3.0, Thunderbird < 91.6.2, and Focus < 97.3.0.

Severity: CRITICAL (9.6) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

References:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1758070
• https://bugzilla.mozilla.org/show_bug.cgi?id=1758070
• https://www.mozilla.org/security/advisories/mfsa2022-09/
• https://www.mozilla.org/security/advisories/mfsa2022-09/

Closed bugs

Bug #41360

После обновления firefox-esr пропадает значок "Домашняя страница"

ALT-PU-2022-1782-1

Package firefox updated to version 93.0-alt0.p9.1 for branch p9 in task 288073.

Closed vulnerabilities

Published: 2020-11-17

BDU:2020-05537

Уязвимость синтаксического анализа и загрузки событий в коде SVG веб-браузера Firefox и почтового клиента Thunderbird, позволяющая нарушителю проводить межсайтовые сценарные атаки (XSS)

Severity: HIGH (7.5) Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

• CVE-2020-26951

Published: 2020-11-17

BDU:2020-05538

Уязвимость компонента WebRequestService веб-браузера Firefox и почтового клиента Thunderbird, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (6.1) Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

• CVE-2020-26959

Published: 2020-10-08

BDU:2021-01231

Уязвимость реализации функции isExceptionPending() браузера Mozilla Firefox, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

• CVE-2020-35114

Published: 2020-12-15

BDU:2021-01239

Уязвимость браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, связанная с записью данных за границами буфера в памяти, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

• CVE-2020-35113

Published: 2021-01-05

BDU:2021-01665

Уязвимость реализации блока COOKIE-ECHO расширения WebRTC браузеров Google Chrome, Mozilla Firefox, Firefox ESR и Firefox for Android, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код

Severity: HIGH (7.3) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

References:

• CVE-2020-16044
• MFSA 2021-01

Published: 2021-01-26

BDU:2021-02079

Уязвимость браузера Mozilla Firefox, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

• CVE-2021-23965

Published: 2021-01-26

BDU:2021-02080

Уязвимость расширения WebRTC браузера Mozilla Firefox, позволяющая нарушителю оказать воздействие на целостность данных

Severity: MEDIUM (4.3) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References:

• CVE-2021-23963

Published: 2021-01-26

BDU:2021-02081

Уязвимость метода <RowCountChanged> браузера Mozilla Firefox, позволяющая нарушителю повысить свои привилегии или вызвать отказ в обслуживании

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

• CVE-2021-23962

Published: 2021-01-26

BDU:2021-02082

Уязвимость браузера Mozilla Firefox, связанная с раскрытием информации, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Severity: HIGH (7.4) Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

References:

• CVE-2021-23961

Published: 2021-01-26

BDU:2021-02083

Уязвимость браузера Mozilla Firefox, связанная с непринятием мер по защите структуры веб-страницы, позволяющая нарушителю осуществлять межсайтовые сценарные атаки

Severity: MEDIUM (6.1) Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

• CVE-2021-23959

Published: 2021-01-26

BDU:2021-02084

Уязвимость браузера Mozilla Firefox, связанная с ошибками управления ресурсами, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

References:

• CVE-2021-23958

Published: 2021-01-26

BDU:2021-02085

Уязвимость изолированной среды iframe браузера Firefox for Android, позволяющая нарушителю оказать воздействие на целостность данных

Severity: HIGH (7.4) Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N

References:

• CVE-2021-23957

Published: 2021-01-26

BDU:2021-02086

Уязвимость браузера Mozilla Firefox, связанная с ошибками представления информации пользовательским интерфейсом, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

References:

• CVE-2021-23956

Published: 2021-01-26

BDU:2021-02087

Уязвимость браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, связанная с ошибкой преобразования типов, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

• CVE-2021-23954

Published: 2021-01-26

BDU:2021-02088

Уязвимость браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

• CVE-2021-23964

Published: 2021-01-26

BDU:2021-02089

Уязвимость браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, связанная с включением функций из недостоверной контролируемой области, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Severity: MEDIUM (4.3) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

References:

• CVE-2021-23953

Published: 2021-01-26

BDU:2021-02090

Уязвимость браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, связанная с некорректной обработкой нулевых байтов или символов NULL при обмене данными, позволяющая нарушителю повысить свои привилегии или вызвать отказ в обслуживании

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

• CVE-2021-23960

Published: 2021-04-19

BDU:2021-02279

Уязвимость компонента WebGL почтового клиента Thunderbird, браузеров Firefox и Firefox ESR, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

• CVE-2021-23994

Published: 2021-04-19

BDU:2021-02280

Уязвимость режима адаптивного дизайна (Responsive Design Mode) почтового клиента Thunderbird, браузеров Firefox и Firefox ESR, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

• CVE-2021-23995

Published: 2021-04-19

BDU:2021-02281

Уязвимость почтового клиента Thunderbird, браузеров Firefox и Firefox ESR, связанная с ошибками при сохранении разрешений, позволяющая нарушителю ошибочно присвоить сертификат безопасности HTTP-странице

Severity: HIGH (7.1) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N

References:

• CVE-2021-23998

Published: 2021-04-19

BDU:2021-02282

Уязвимость почтового клиента Thunderbird, браузеров Firefox и Firefox ESR, связанная с ошибками наследуемых разрешений, позволяющая нарушителю повысить свои привилегии

Severity: MEDIUM (6.1) Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

• CVE-2021-23999

Published: 2021-04-19

BDU:2021-02283

Уязвимость почтового клиента Thunderbird, браузеров Firefox и Firefox ESR, связанная с ошибками при обработке символов новой строки в URL-адресе FTP, позволяющая нарушителю отправлять произвольные команды на FTP-сервер

Severity: MEDIUM (4.2) Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N

References:

• CVE-2021-24002

Published: 2021-04-19

BDU:2021-02284

Уязвимость компонента JIT WebAssembly почтового клиента Thunderbird, браузеров Firefox и Firefox ESR, позволяющая нарушителю вызвать отказ в обслуживании

Severity: LOW (3.1) Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L

References:

• CVE-2021-29945

Published: 2021-04-19

BDU:2021-02285

Уязвимость почтового клиента Thunderbird, браузеров Firefox и Firefox ESR, существующая из-за недостаточной проверки входных данных, позволяющая нарушителю обойти ограничения безопасности

Severity: LOW (3.1) Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N

References:

• CVE-2021-29946

Published: 2021-05-07

BDU:2021-02451

Уязвимость компонентов Web Render веб-браузера Firefox, позволяющая нарушителю выполнить произвольный код в системе

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

• CVE-2021-29952

Published: 2021-06-01

BDU:2021-02858

Уязвимость браузера Mozilla Firefox, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

• CVE-2021-29967

Published: 2021-06-03

BDU:2021-02898

Уязвимость почтового клиента Mozilla Thunderbird, связанная с чтением за границами буфера в памяти, позволяющая нарушителю получить доступ к конфиденциальной информации

Severity: LOW (2.5) Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

References:

• CVE-2021-29964

Published: 2020-05-30

BDU:2021-03536

Уязвимость программных средств Google Chrome, Firefox, Firefox ESR, Thunderbird, связанная с ошибкой подтверждения источника данных, позволяющая нарушителю получить доступ к конфиденциальным данным

Severity: MEDIUM (5.3) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References:

• CVE-2020-16012

Published: 2021-07-13

BDU:2021-03659

Уязвимость браузера Mozilla Firefox и почтового клиента Thunderbird, связанная с использованием памяти после ее освобождения, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

• CVE-2021-29970

Published: 2021-07-13

BDU:2021-03660

Уязвимость почтового клиента Mozilla Thunderbird, связанная с записью за границами буфера в памяти, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

• CVE-2021-30547

Published: 2021-07-13

BDU:2021-03661

Уязвимость веб-браузеров Firefox, Firefox ESR, почтового клиента Thunderbird, связанная с записью за границами буфера, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

• CVE-2021-29976

Published: 2021-07-13

BDU:2021-03891

Уязвимость браузера Mozilla Firefox для Android, связанная с недостатками разграничения доступа, позволяющая нарушителю повысить свои привилегии

Severity: MEDIUM (5.4) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

References:

• CVE-2021-29971
• MFSA 2021-28

Published: 2021-07-13

BDU:2021-03900

Уязвимость браузера Firefox, вызванная выходом операции за границы буфера в памяти, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

• CVE-2021-29977

Published: 2021-07-13

BDU:2021-03950

Уязвимость реализации механизма HSTS (HTTP Strict Transport Security) браузера Mozilla Firefox, позволяющая нарушителю обойти механизмы защиты

Severity: MEDIUM (6.1) Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

• CVE-2021-29974
• MFSA 2021-28

Published: 2021-07-13

BDU:2021-03951

Уязвимость браузера Mozilla Firefox, связанная с ошибками представления информации, позволяющая нарушителю проводить спуфинг-атаки

Severity: MEDIUM (6.1) Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

• CVE-2021-29975
• MFSA 2021-28

Published: 2021-08-10

BDU:2021-04068

Уязвимость браузера Mozilla Firefox, позволяющая нарушителю выполнить произвольный код в целевой системе

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

• CVE-2021-29986

Published: 2021-08-10

BDU:2021-04069

Уязвимость веб-браузеров Firefox, Firefox ESR, почтового клиента Thunderbird, связанная с возникновением конфликта интерпретаций, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

• CVE-2021-29988

Published: 2021-08-10

BDU:2021-04070

Уязвимость браузера Mozilla Firefox, позволяющая нарушителю выполнить произвольный код в целевой системе

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

• CVE-2021-29984

Published: 2021-08-10

BDU:2021-04071

Уязвимость браузера Mozilla Firefox, позволяющая нарушителю выполнить произвольный код в целевой системе

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

• CVE-2021-29980

Published: 2021-08-10

BDU:2021-04072

Уязвимость метода MediaCacheStream::NotifyDataReceived почтового клиента Thunderbird, браузеров Firefox и Firefox ESR, позволяющая нарушителю выполнить произвольный код в целевой системе

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

• CVE-2021-29985

Published: 2021-08-10

BDU:2021-04073

Уязвимость браузера Mozilla Firefox, позволяющая нарушителю выполнить произвольный код в целевой системе

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

• CVE-2021-29989

Published: 2021-07-13

BDU:2021-04482

Уязвимость графической библиотеки Cairo браузера Mozilla Firefox, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании

Severity: HIGH (7.5) Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

• CVE-2021-29972
• MFSA 2021-28

Published: 2021-07-13

BDU:2021-04517

Уязвимость функции автозаполнения пароля браузера Mozilla Firefox для Android, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Severity: LOW (3.1) Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

References:

• CVE-2021-29973
• MFSA 2021-28

Published: 2021-09-08

BDU:2021-04558

Уязвимость браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

• CVE-2021-38493

Published: 2021-10-05

BDU:2021-05029

Уязвимость операции MessageTasks браузера Mozilla Firefox, позволяющая нарушителю выполнить произвольный код в системе.

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

• CVE-2021-38496

Published: 2021-10-05

BDU:2021-05030

Уязвимость браузера Mozilla Firefox, связанная с ошибками при обработке HTML-содержимого, позволяющая нарушителю, выполнить произвольный код в системе

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

• CVE-2021-38500

Published: 2021-10-05

BDU:2021-05095

Уязвимость объекта nsLanguageAtomService браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

• CVE-2021-38498

Published: 2021-10-05

BDU:2021-05096

Уязвимость браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, вызванная переполнением буфера, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

• CVE-2021-38501

Published: 2021-10-05

BDU:2021-05097

Уязвимость функций "Stealer::steal", "Stealer::steal_batch" и "Stealer::steal_batch_and_pop" браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

• CVE-2021-32810

Published: 2021-11-03

BDU:2021-06060

Уязвимость почтового клиента Thunderbird, браузера Firefox, связанная с недостатками обработки HTTP-запросов, позволяющая нарушителю осуществлять межсайтовые сценарные атаки (XSS)

Severity: HIGH (8.1) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

References:

• CVE-2021-29991

Published: 2021-11-02

BDU:2021-06241

Уязвимость почтового клиента Thunderbird, браузеров Firefox и Firefox ESR, связанная с использованием памяти после её освобождения, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

• CVE-2021-43535

Published: 2021-08-17

BDU:2022-01890

Уязвимость компонента JIT веб-браузера Firefox, почтового клиента Thunderbird, позволяющая нарушителю получить доступ к конфиденциальным данным

Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

References:

• CVE-2021-29982

Published: 2021-08-18

BDU:2022-01891

Уязвимость компонента JIT веб-браузера Firefox, почтового клиента Thunderbird, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

• CVE-2021-29981

Published: 2021-06-12

BDU:2022-02172

Уязвимость панели разрешений веб-браузера Firefox, почтового клиента Thunderbird, связанная с недостатками процедуры аутентификации, позволяющая нарушителю получить доступ к конфиденциальным данным

Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

References:

• CVE-2021-29987

Published: 2021-08-17

BDU:2022-02173

Уязвимость веб-браузера Firefox, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

• CVE-2021-29990

Published: 2021-06-24

BDU:2022-05606

Уязвимость браузера Mozilla Firefox, связанная с записью за границами буфера в памяти, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

• CVE-2021-29966

Published: 2021-06-24

BDU:2022-05609

Уязвимость браузера Mozilla Firefox, связанная с отсутствием проверки корректности принимаемых запросов, позволяющая нарушителю получить доступ к конфиденциальным данным и нарушить их целостность

Severity: MEDIUM (4.3) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

References:

• CVE-2021-29960

Published: 2021-06-24

BDU:2022-05612

Уязвимость функции "Приватный Просмотр" браузера Mozilla Firefox, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (4.3) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References:

• CVE-2021-29963

Published: 2021-06-24

BDU:2022-05613

Уязвимость браузера Mozilla Firefox, связанная c некорректной зачисткой или освобождением ресурсов, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (4.3) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

References:

• CVE-2021-29962

Published: 2021-09-07

BDU:2022-05736

Уязвимость браузера Mozilla Firefox, связанная с записью за границами буфера в памяти, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

• CVE-2021-38494

Published: 2021-06-01

BDU:2022-05737

Уязвимость браузера Mozilla Firefox, связанная с ошибками авторизации, позволяющая нарушителю обойти существующие ограничения безопасности

Severity: MEDIUM (4.3) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References:

• CVE-2021-29959

Published: 2021-09-07

BDU:2022-05740

Уязвимость браузеров Mozilla Firefox, Mozilla Firefox ESR и почтового клиента Thunderbird, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

• CVE-2021-38495

Published: 2021-08-10

BDU:2022-05741

Уязвимость браузера Mozilla Firefox для Android, связанная с ошибками управления ресурсом, позволяющая нарушителю вызвать отказ в обслуживании и раскрыть защищаемую информацию

Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

References:

• CVE-2021-29983

Published: 2021-05-05

BDU:2022-05742

Уязвимость браузера Mozilla Firefox для Android, существующая из-за непринятия мер по защите структуры веб-страницы, позволяющая нарушителю провести атаку межсайтового скриптинга (XSS)

Severity: MEDIUM (6.1) Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

• CVE-2021-29953

Published: 2021-10-05

BDU:2022-05743

Уязвимость браузера Mozilla Firefox, связанная с записью за границами буфера в памяти, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

• CVE-2021-38499

Published: 2021-09-07

BDU:2022-05744

Уязвимость браузера Mozilla Firefox для Android, позволяющая нарушителю вызвать отказ в обслуживании или провести спуфинг-атаки

Severity: HIGH (8.1) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

References:

• CVE-2021-29993

Published: 2021-06-16

BDU:2022-05745

Уязвимость браузера Mozilla Firefox для Windows, связанная с чтением данных за границами буфера в памяти, позволяющая нарушителю раскрыть защищаемую информацию

Severity: HIGH (8.1) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

References:

• CVE-2021-29968

Published: 2021-03-23

BDU:2022-05941

Уязвимость браузеров Mozilla Firefox, Mozilla Firefox ESR и почтового клиента Thunderbird, связанная с неверным ограничением визуализируемых слоев или фреймов пользовательского интерфейса, позволяющая нарушителю проводить спуфинг-атаки

Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

References:

• CVE-2021-23984

Published: 2021-03-23

BDU:2022-05942

Уязвимость браузеров Mozilla Firefox, Mozilla Firefox ESR и почтового клиента Thunderbird, связанная с копированием буфера без проверки размера входных данных, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

• CVE-2021-23987

Published: 2022-06-01

BDU:2022-06096

Уязвимость браузера Mozilla Firefox, связанная с недостатками контроля доступа, позволяющая нарушителю видоизменять пользовательский интерфейс

Severity: LOW (3.1) Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N

References:

• CVE-2021-29961

Published: 2021-09-07

BDU:2022-06099

Уязвимость браузера Mozilla Firefox, позволяющая нарушителю провести спуфинг-атаки

Severity: MEDIUM (5.3) Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N

References:

• CVE-2021-38491

Published: 2021-06-01

BDU:2022-06103

Уязвимость браузера Firefox for Android, связанная с ошибками при обработке гипертекстовых ссылок, позволяющая нарушителю получить доступ к конфиденциальным данным

Severity: MEDIUM (5.3) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

References:

• CVE-2021-29965

Published: 2021-01-08
Modified: 2024-11-21

CVE-2020-16012

Side-channel information leakage in graphics in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Severity: MEDIUM (4.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

References:

• https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop_17.html
• https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop_17.html
• https://crbug.com/1088224
• https://crbug.com/1088224

Published: 2021-02-09
Modified: 2024-11-21

CVE-2020-16044

Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

• https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html
• https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html
• https://crbug.com/1163228
• https://crbug.com/1163228

Published: 2020-12-09
Modified: 2024-11-21

CVE-2020-26951

A parsing and event loading mismatch in Firefox's SVG code could have allowed load events to fire, even after sanitization. An attacker already capable of exploiting an XSS vulnerability in privileged internal pages could have used this attack to bypass our built-in sanitizer. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.

Severity: MEDIUM (6.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1667113
• https://bugzilla.mozilla.org/show_bug.cgi?id=1667113
• https://www.mozilla.org/security/advisories/mfsa2020-50/
• https://www.mozilla.org/security/advisories/mfsa2020-50/
• https://www.mozilla.org/security/advisories/mfsa2020-51/
• https://www.mozilla.org/security/advisories/mfsa2020-51/
• https://www.mozilla.org/security/advisories/mfsa2020-52/
• https://www.mozilla.org/security/advisories/mfsa2020-52/

Published: 2020-12-09
Modified: 2024-11-21

CVE-2020-26952

Incorrect bookkeeping of functions inlined during JIT compilation could have led to memory corruption and a potentially exploitable crash when handling out-of-memory errors. This vulnerability affects Firefox < 83.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1667685
• https://bugzilla.mozilla.org/show_bug.cgi?id=1667685
• https://www.mozilla.org/security/advisories/mfsa2020-50/
• https://www.mozilla.org/security/advisories/mfsa2020-50/

Published: 2020-12-09
Modified: 2024-11-21

CVE-2020-26953

It was possible to cause the browser to enter fullscreen mode without displaying the security UI; thus making it possible to attempt a phishing attack or otherwise confuse the user. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.

Severity: MEDIUM (4.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1656741
• https://bugzilla.mozilla.org/show_bug.cgi?id=1656741
• https://www.mozilla.org/security/advisories/mfsa2020-50/
• https://www.mozilla.org/security/advisories/mfsa2020-50/
• https://www.mozilla.org/security/advisories/mfsa2020-51/
• https://www.mozilla.org/security/advisories/mfsa2020-51/
• https://www.mozilla.org/security/advisories/mfsa2020-52/
• https://www.mozilla.org/security/advisories/mfsa2020-52/

Published: 2020-12-09
Modified: 2024-11-21

CVE-2020-26956

In some cases, removing HTML elements during sanitization would keep existing SVG event handlers and therefore lead to XSS. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.

Severity: MEDIUM (6.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1666300
• https://bugzilla.mozilla.org/show_bug.cgi?id=1666300
• https://www.mozilla.org/security/advisories/mfsa2020-50/
• https://www.mozilla.org/security/advisories/mfsa2020-50/
• https://www.mozilla.org/security/advisories/mfsa2020-51/
• https://www.mozilla.org/security/advisories/mfsa2020-51/
• https://www.mozilla.org/security/advisories/mfsa2020-52/
• https://www.mozilla.org/security/advisories/mfsa2020-52/

Published: 2020-12-09
Modified: 2024-11-21

CVE-2020-26958

Firefox did not block execution of scripts with incorrect MIME types when the response was intercepted and cached through a ServiceWorker. This could lead to a cross-site script inclusion vulnerability, or a Content Security Policy bypass. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.

Severity: MEDIUM (6.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1669355
• https://bugzilla.mozilla.org/show_bug.cgi?id=1669355
• https://www.mozilla.org/security/advisories/mfsa2020-50/
• https://www.mozilla.org/security/advisories/mfsa2020-50/
• https://www.mozilla.org/security/advisories/mfsa2020-51/
• https://www.mozilla.org/security/advisories/mfsa2020-51/
• https://www.mozilla.org/security/advisories/mfsa2020-52/
• https://www.mozilla.org/security/advisories/mfsa2020-52/

Published: 2020-12-09
Modified: 2024-11-21

CVE-2020-26959

During browser shutdown, reference decrementing could have occured on a previously freed object, resulting in a use-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1669466
• https://bugzilla.mozilla.org/show_bug.cgi?id=1669466
• https://www.mozilla.org/security/advisories/mfsa2020-50/
• https://www.mozilla.org/security/advisories/mfsa2020-50/
• https://www.mozilla.org/security/advisories/mfsa2020-51/
• https://www.mozilla.org/security/advisories/mfsa2020-51/
• https://www.mozilla.org/security/advisories/mfsa2020-52/
• https://www.mozilla.org/security/advisories/mfsa2020-52/

Published: 2020-12-09
Modified: 2024-11-21

CVE-2020-26960

If the Compact() method was called on an nsTArray, the array could have been reallocated without updating other pointers, leading to a potential use-after-free and exploitable crash. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1670358
• https://bugzilla.mozilla.org/show_bug.cgi?id=1670358
• https://www.mozilla.org/security/advisories/mfsa2020-50/
• https://www.mozilla.org/security/advisories/mfsa2020-50/
• https://www.mozilla.org/security/advisories/mfsa2020-51/
• https://www.mozilla.org/security/advisories/mfsa2020-51/
• https://www.mozilla.org/security/advisories/mfsa2020-52/
• https://www.mozilla.org/security/advisories/mfsa2020-52/

Published: 2020-12-09
Modified: 2024-11-21

CVE-2020-26961

When DNS over HTTPS is in use, it intentionally filters RFC1918 and related IP ranges from the responses as these do not make sense coming from a DoH resolver. However when an IPv4 address was mapped through IPv6, these addresses were erroneously let through, leading to a potential DNS Rebinding attack. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

References:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1672528
• https://bugzilla.mozilla.org/show_bug.cgi?id=1672528
• https://www.mozilla.org/security/advisories/mfsa2020-50/
• https://www.mozilla.org/security/advisories/mfsa2020-50/
• https://www.mozilla.org/security/advisories/mfsa2020-51/
• https://www.mozilla.org/security/advisories/mfsa2020-51/
• https://www.mozilla.org/security/advisories/mfsa2020-52/
• https://www.mozilla.org/security/advisories/mfsa2020-52/

Published: 2020-12-09
Modified: 2024-11-21

CVE-2020-26962

Cross-origin iframes that contained a login form could have been recognized by the login autofill service, and populated. This could have been used in clickjacking attacks, as well as be read across partitions in dynamic first party isolation. This vulnerability affects Firefox < 83.

Severity: MEDIUM (6.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

• https://bugzilla.mozilla.org/show_bug.cgi?id=610997
• https://bugzilla.mozilla.org/show_bug.cgi?id=610997
• https://www.mozilla.org/security/advisories/mfsa2020-50/
• https://www.mozilla.org/security/advisories/mfsa2020-50/

Published: 2020-12-09
Modified: 2024-11-21

CVE-2020-26963

Repeated calls to the history and location interfaces could have been used to hang the browser. This was addressed by introducing rate-limiting to these API calls. This vulnerability affects Firefox < 83.

Severity: MEDIUM (4.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

References:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1314912
• https://bugzilla.mozilla.org/show_bug.cgi?id=1314912
• https://www.mozilla.org/security/advisories/mfsa2020-50/
• https://www.mozilla.org/security/advisories/mfsa2020-50/

Published: 2020-12-09
Modified: 2024-11-21

CVE-2020-26965

Some websites have a feature "Show Password" where clicking a button will change a password field into a textbook field, revealing the typed password. If, when using a software keyboard that remembers user input, a user typed their password and used that feature, the type of the password field was changed, resulting in a keyboard layout change and the possibility for the software keyboard to remember the typed password. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

References:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1661617
• https://bugzilla.mozilla.org/show_bug.cgi?id=1661617
• https://www.mozilla.org/security/advisories/mfsa2020-50/
• https://www.mozilla.org/security/advisories/mfsa2020-50/
• https://www.mozilla.org/security/advisories/mfsa2020-51/
• https://www.mozilla.org/security/advisories/mfsa2020-51/
• https://www.mozilla.org/security/advisories/mfsa2020-52/
• https://www.mozilla.org/security/advisories/mfsa2020-52/

Published: 2020-12-09
Modified: 2024-11-21

CVE-2020-26967

When listening for page changes with a Mutation Observer, a malicious web page could confuse Firefox Screenshots into interacting with elements other than those that it injected into the page. This would lead to internal errors and unexpected behavior in the Screenshots code. This vulnerability affects Firefox < 83.

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

References:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1665820
• https://bugzilla.mozilla.org/show_bug.cgi?id=1665820
• https://www.mozilla.org/security/advisories/mfsa2020-50/
• https://www.mozilla.org/security/advisories/mfsa2020-50/

Published: 2020-12-09
Modified: 2024-11-21

CVE-2020-26968

Mozilla developers reported memory safety bugs present in Firefox 82 and Firefox ESR 78.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

• https://bugzilla.mozilla.org/buglist.cgi?bug_id=1551615%2C1607762%2C1656697%2C1657739%2C1660236%2C1667912%2C1671479%2C1671923
• https://bugzilla.mozilla.org/buglist.cgi?bug_id=1551615%2C1607762%2C1656697%2C1657739%2C1660236%2C1667912%2C1671479%2C1671923
• https://www.mozilla.org/security/advisories/mfsa2020-50/
• https://www.mozilla.org/security/advisories/mfsa2020-50/
• https://www.mozilla.org/security/advisories/mfsa2020-51/
• https://www.mozilla.org/security/advisories/mfsa2020-51/
• https://www.mozilla.org/security/advisories/mfsa2020-52/
• https://www.mozilla.org/security/advisories/mfsa2020-52/

Published: 2020-12-09
Modified: 2024-11-21

CVE-2020-26969

Mozilla developers reported memory safety bugs present in Firefox 82. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 83.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

• https://bugzilla.mozilla.org/buglist.cgi?bug_id=1623920%2C1651705%2C1667872%2C1668876
• https://bugzilla.mozilla.org/buglist.cgi?bug_id=1623920%2C1651705%2C1667872%2C1668876
• https://www.mozilla.org/security/advisories/mfsa2020-50/
• https://www.mozilla.org/security/advisories/mfsa2020-50/

Published: 2021-01-07
Modified: 2024-11-21

CVE-2020-26971

Certain blit values provided by the user were not properly constrained leading to a heap buffer overflow on some video drivers. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1663466
• https://bugzilla.mozilla.org/show_bug.cgi?id=1663466
• https://www.mozilla.org/security/advisories/mfsa2020-54/
• https://www.mozilla.org/security/advisories/mfsa2020-54/
• https://www.mozilla.org/security/advisories/mfsa2020-55/
• https://www.mozilla.org/security/advisories/mfsa2020-55/
• https://www.mozilla.org/security/advisories/mfsa2020-56/
• https://www.mozilla.org/security/advisories/mfsa2020-56/

Published: 2021-01-07
Modified: 2024-11-21

CVE-2020-26972

The lifecycle of IPC Actors allows managed actors to outlive their manager actors; and the former must ensure that they are not attempting to use a dead actor they have a reference to. Such a check was omitted in WebGL, resulting in a use-after-free and a potentially exploitable crash. This vulnerability affects Firefox < 84.

Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1671382
• https://bugzilla.mozilla.org/show_bug.cgi?id=1671382
• https://www.mozilla.org/security/advisories/mfsa2020-54/
• https://www.mozilla.org/security/advisories/mfsa2020-54/

Published: 2021-01-07
Modified: 2024-11-21

CVE-2020-26973

Certain input to the CSS Sanitizer confused it, resulting in incorrect components being removed. This could have been used as a sanitizer bypass. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1680084
• https://bugzilla.mozilla.org/show_bug.cgi?id=1680084
• https://www.mozilla.org/security/advisories/mfsa2020-54/
• https://www.mozilla.org/security/advisories/mfsa2020-54/
• https://www.mozilla.org/security/advisories/mfsa2020-55/
• https://www.mozilla.org/security/advisories/mfsa2020-55/
• https://www.mozilla.org/security/advisories/mfsa2020-56/
• https://www.mozilla.org/security/advisories/mfsa2020-56/

Published: 2021-01-07
Modified: 2024-11-21

CVE-2020-26974

When flex-basis was used on a table wrapper, a StyleGenericFlexBasis object could have been incorrectly cast to the wrong type. This resulted in a heap user-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1681022
• https://bugzilla.mozilla.org/show_bug.cgi?id=1681022
• https://www.mozilla.org/security/advisories/mfsa2020-54/
• https://www.mozilla.org/security/advisories/mfsa2020-54/
• https://www.mozilla.org/security/advisories/mfsa2020-55/
• https://www.mozilla.org/security/advisories/mfsa2020-55/
• https://www.mozilla.org/security/advisories/mfsa2020-56/
• https://www.mozilla.org/security/advisories/mfsa2020-56/

Published: 2021-01-07
Modified: 2024-11-21

CVE-2020-26976

When a HTTPS pages was embedded in a HTTP page, and there was a service worker registered for the former, the service worker could have intercepted the request for the secure page despite the iframe not being a secure context due to the (insecure) framing. This vulnerability affects Firefox < 84.

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

References:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1674343
• https://bugzilla.mozilla.org/show_bug.cgi?id=1674343
• [debian-lts-announce] 20210202 [SECURITY] [DLA 2539-1] firefox-esr security update
• [debian-lts-announce] 20210202 [SECURITY] [DLA 2539-1] firefox-esr security update
• [debian-lts-announce] 20210202 [SECURITY] [DLA 2541-1] thunderbird security update
• [debian-lts-announce] 20210202 [SECURITY] [DLA 2541-1] thunderbird security update
• GLSA-202102-02
• GLSA-202102-02
• DSA-4840
• DSA-4840
• DSA-4842
• DSA-4842
• https://www.mozilla.org/security/advisories/mfsa2020-54/
• https://www.mozilla.org/security/advisories/mfsa2020-54/

Published: 2021-01-07
Modified: 2024-11-21

CVE-2020-26978

Using techniques that built on the slipstream research, a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.

Severity: MEDIUM (6.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1677047
• https://bugzilla.mozilla.org/show_bug.cgi?id=1677047
• https://www.mozilla.org/security/advisories/mfsa2020-54/
• https://www.mozilla.org/security/advisories/mfsa2020-54/
• https://www.mozilla.org/security/advisories/mfsa2020-55/
• https://www.mozilla.org/security/advisories/mfsa2020-55/
• https://www.mozilla.org/security/advisories/mfsa2020-56/
• https://www.mozilla.org/security/advisories/mfsa2020-56/

Published: 2021-01-07
Modified: 2024-11-21

CVE-2020-26979

When a user typed a URL in the address bar or the search bar and quickly hit the enter key, a website could sometimes capture that event and then redirect the user before navigation occurred to the desired, entered address. To construct a convincing spoof the attacker would have had to guess what the user was typing, perhaps by suggesting it. This vulnerability affects Firefox < 84.

Severity: MEDIUM (6.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

• https://bugzilla.mozilla.org/buglist.cgi?bug_id=1641287%2C1673299
• https://bugzilla.mozilla.org/buglist.cgi?bug_id=1641287%2C1673299
• https://www.mozilla.org/security/advisories/mfsa2020-54/
• https://www.mozilla.org/security/advisories/mfsa2020-54/

Published: 2021-01-07
Modified: 2024-11-21

CVE-2020-35111

When an extension with the proxy permission registered to receive , the proxy.onRequest callback was not triggered for view-source URLs. While web content cannot navigate to such URLs, a user opening View Source could have inadvertently leaked their IP address. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.

Severity: MEDIUM (4.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

References:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1657916
• https://bugzilla.mozilla.org/show_bug.cgi?id=1657916
• https://www.mozilla.org/security/advisories/mfsa2020-54/
• https://www.mozilla.org/security/advisories/mfsa2020-54/
• https://www.mozilla.org/security/advisories/mfsa2020-55/
• https://www.mozilla.org/security/advisories/mfsa2020-55/
• https://www.mozilla.org/security/advisories/mfsa2020-56/
• https://www.mozilla.org/security/advisories/mfsa2020-56/

Published: 2021-01-07
Modified: 2024-11-21

CVE-2020-35113

Mozilla developers reported memory safety bugs present in Firefox 83 and Firefox ESR 78.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

• https://bugzilla.mozilla.org/buglist.cgi?bug_id=1664831%2C1673589
• https://bugzilla.mozilla.org/buglist.cgi?bug_id=1664831%2C1673589
• https://www.mozilla.org/security/advisories/mfsa2020-54/
• https://www.mozilla.org/security/advisories/mfsa2020-54/
• https://www.mozilla.org/security/advisories/mfsa2020-55/
• https://www.mozilla.org/security/advisories/mfsa2020-55/
• https://www.mozilla.org/security/advisories/mfsa2020-56/
• https://www.mozilla.org/security/advisories/mfsa2020-56/

Published: 2021-01-07
Modified: 2024-11-21

CVE-2020-35114

Mozilla developers reported memory safety bugs present in Firefox 83. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 84.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

• https://bugzilla.mozilla.org/buglist.cgi?bug_id=1607449%2C1640416%2C1656459%2C1669914%2C1673567
• https://bugzilla.mozilla.org/buglist.cgi?bug_id=1607449%2C1640416%2C1656459%2C1669914%2C1673567
• https://www.mozilla.org/security/advisories/mfsa2020-54/
• https://www.mozilla.org/security/advisories/mfsa2020-54/

Published: 2021-02-26
Modified: 2024-11-21

CVE-2021-23953

If a user clicked into a specifically crafted PDF, the PDF reader could be confused into leaking cross-origin information, when said information is served as chunked data. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7.

Severity: MEDIUM (4.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

References:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1683940
• https://bugzilla.mozilla.org/show_bug.cgi?id=1683940
• https://www.mozilla.org/security/advisories/mfsa2021-03/
• https://www.mozilla.org/security/advisories/mfsa2021-03/
• https://www.mozilla.org/security/advisories/mfsa2021-04/
• https://www.mozilla.org/security/advisories/mfsa2021-04/
• https://www.mozilla.org/security/advisories/mfsa2021-05/
• https://www.mozilla.org/security/advisories/mfsa2021-05/

Published: 2021-02-26
Modified: 2024-11-21

CVE-2021-23954

Using the new logical assignment operators in a JavaScript switch statement could have caused a type confusion, leading to a memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1684020
• https://bugzilla.mozilla.org/show_bug.cgi?id=1684020
• https://www.mozilla.org/security/advisories/mfsa2021-03/
• https://www.mozilla.org/security/advisories/mfsa2021-03/
• https://www.mozilla.org/security/advisories/mfsa2021-04/
• https://www.mozilla.org/security/advisories/mfsa2021-04/
• https://www.mozilla.org/security/advisories/mfsa2021-05/
• https://www.mozilla.org/security/advisories/mfsa2021-05/

Published: 2021-02-26
Modified: 2024-11-21

CVE-2021-23955

The browser could have been confused into transferring a pointer lock state into another tab, which could have lead to clickjacking attacks. This vulnerability affects Firefox < 85.

Severity: MEDIUM (6.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1684837
• https://bugzilla.mozilla.org/show_bug.cgi?id=1684837
• https://www.mozilla.org/security/advisories/mfsa2021-03/
• https://www.mozilla.org/security/advisories/mfsa2021-03/

Published: 2021-02-26
Modified: 2024-11-21

CVE-2021-23956

An ambiguous file picker design could have confused users who intended to select and upload a single file into uploading a whole directory. This was addressed by adding a new prompt. This vulnerability affects Firefox < 85.

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

References:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1338637
• https://bugzilla.mozilla.org/show_bug.cgi?id=1338637
• https://www.mozilla.org/security/advisories/mfsa2021-03/
• https://www.mozilla.org/security/advisories/mfsa2021-03/

Published: 2021-02-26
Modified: 2024-11-21

CVE-2021-23957

Navigations through the Android-specific `intent` URL scheme could have been misused to escape iframe sandbox. Note: This issue only affected Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox < 85.

Severity: HIGH (7.4) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N

References:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1584582
• https://bugzilla.mozilla.org/show_bug.cgi?id=1584582
• https://www.mozilla.org/security/advisories/mfsa2021-03/
• https://www.mozilla.org/security/advisories/mfsa2021-03/

Published: 2021-02-26
Modified: 2024-11-21

CVE-2021-23958

The browser could have been confused into transferring a screen sharing state into another tab, which would leak unintended information. This vulnerability affects Firefox < 85.

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

References:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1642747
• https://bugzilla.mozilla.org/show_bug.cgi?id=1642747
• https://www.mozilla.org/security/advisories/mfsa2021-03/
• https://www.mozilla.org/security/advisories/mfsa2021-03/

Published: 2021-02-26
Modified: 2024-11-21

CVE-2021-23959

An XSS bug in internal error pages could have led to various spoofing attacks, including other error pages and the address bar. Note: This issue only affected Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox < 85.

Severity: MEDIUM (6.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1659035
• https://bugzilla.mozilla.org/show_bug.cgi?id=1659035
• https://www.mozilla.org/security/advisories/mfsa2021-03/
• https://www.mozilla.org/security/advisories/mfsa2021-03/

Published: 2021-02-26
Modified: 2024-11-21

CVE-2021-23960

Performing garbage collection on re-declared JavaScript variables resulted in a user-after-poison, and a potentially exploitable crash. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1675755
• https://bugzilla.mozilla.org/show_bug.cgi?id=1675755
• https://www.mozilla.org/security/advisories/mfsa2021-03/
• https://www.mozilla.org/security/advisories/mfsa2021-03/
• https://www.mozilla.org/security/advisories/mfsa2021-04/
• https://www.mozilla.org/security/advisories/mfsa2021-04/
• https://www.mozilla.org/security/advisories/mfsa2021-05/
• https://www.mozilla.org/security/advisories/mfsa2021-05/

Published: 2021-02-26
Modified: 2024-11-21

CVE-2021-23961

Further techniques that built on the slipstream research combined with a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine. This vulnerability affects Firefox < 85.

Severity: HIGH (7.4) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

References:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1677940
• https://bugzilla.mozilla.org/show_bug.cgi?id=1677940
• [debian-lts-announce] 20210422 [SECURITY] [DLA 2632-1] thunderbird security update
• [debian-lts-announce] 20210422 [SECURITY] [DLA 2632-1] thunderbird security update
• [debian-lts-announce] 20210423 [SECURITY] [DLA 2633-1] firefox-esr security update
• [debian-lts-announce] 20210423 [SECURITY] [DLA 2633-1] firefox-esr security update
• GLSA-202104-09
• GLSA-202104-09
• GLSA-202104-10
• GLSA-202104-10
• DSA-4895
• DSA-4895
• DSA-4897
• DSA-4897
• https://www.mozilla.org/security/advisories/mfsa2021-03/
• https://www.mozilla.org/security/advisories/mfsa2021-03/

Published: 2021-02-26
Modified: 2024-11-21

CVE-2021-23962

Incorrect use of the '' method could have led to a user-after-poison and a potentially exploitable crash. This vulnerability affects Firefox < 85.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1677194
• https://bugzilla.mozilla.org/show_bug.cgi?id=1677194
• https://www.mozilla.org/security/advisories/mfsa2021-03/
• https://www.mozilla.org/security/advisories/mfsa2021-03/

Published: 2021-02-26
Modified: 2024-11-21

CVE-2021-23963

When sharing geolocation during an active WebRTC share, Firefox could have reset the webRTC sharing state in the user interface, leading to loss of control over the currently granted permission. This vulnerability affects Firefox < 85.

Severity: MEDIUM (4.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1680793
• https://bugzilla.mozilla.org/show_bug.cgi?id=1680793
• https://www.mozilla.org/security/advisories/mfsa2021-03/
• https://www.mozilla.org/security/advisories/mfsa2021-03/

Published: 2021-02-26
Modified: 2024-11-21

CVE-2021-23964

Mozilla developers reported memory safety bugs present in Firefox 84 and Firefox ESR 78.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

• https://bugzilla.mozilla.org/buglist.cgi?bug_id=1662507%2C1666285%2C1673526%2C1674278%2C1674835%2C1675097%2C1675844%2C1675868%2C1677590%2C1677888%2C1680410%2C1681268%2C1682068%2C1682938%2C1683736%2C1685260%2C1685925
• https://bugzilla.mozilla.org/buglist.cgi?bug_id=1662507%2C1666285%2C1673526%2C1674278%2C1674835%2C1675097%2C1675844%2C1675868%2C1677590%2C1677888%2C1680410%2C1681268%2C1682068%2C1682938%2C1683736%2C1685260%2C1685925
• https://www.mozilla.org/security/advisories/mfsa2021-03/
• https://www.mozilla.org/security/advisories/mfsa2021-03/
• https://www.mozilla.org/security/advisories/mfsa2021-04/
• https://www.mozilla.org/security/advisories/mfsa2021-04/
• https://www.mozilla.org/security/advisories/mfsa2021-05/
• https://www.mozilla.org/security/advisories/mfsa2021-05/

Published: 2021-02-26
Modified: 2024-11-21

CVE-2021-23965

Mozilla developers reported memory safety bugs present in Firefox 84. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 85.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

• https://bugzilla.mozilla.org/buglist.cgi?bug_id=1670378%2C1673555%2C1676812%2C1678582%2C1684497
• https://bugzilla.mozilla.org/buglist.cgi?bug_id=1670378%2C1673555%2C1676812%2C1678582%2C1684497
• https://www.mozilla.org/security/advisories/mfsa2021-03/
• https://www.mozilla.org/security/advisories/mfsa2021-03/

Published: 2021-02-26
Modified: 2024-11-21

CVE-2021-23968

If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report; as opposed to the original frame URI. This could be used to leak sensitive information contained in such URIs. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.

Severity: MEDIUM (4.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

References:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1687342
• https://bugzilla.mozilla.org/show_bug.cgi?id=1687342
• [debian-lts-announce] 20210301 [SECURITY] [DLA 2578-1] thunderbird security update
• [debian-lts-announce] 20210301 [SECURITY] [DLA 2578-1] thunderbird security update
• GLSA-202104-09
• GLSA-202104-09
• GLSA-202104-10
• GLSA-202104-10
• DSA-4866
• DSA-4866
• https://www.mozilla.org/security/advisories/mfsa2021-07/
• https://www.mozilla.org/security/advisories/mfsa2021-07/
• https://www.mozilla.org/security/advisories/mfsa2021-08/
• https://www.mozilla.org/security/advisories/mfsa2021-08/
• https://www.mozilla.org/security/advisories/mfsa2021-09/
• https://www.mozilla.org/security/advisories/mfsa2021-09/

Published: 2021-02-26
Modified: 2024-11-21

CVE-2021-23969

As specified in the W3C Content Security Policy draft, when creating a violation report, "User agents need to ensure that the source file is the URL requested by the page, pre-redirects. If that’s not possible, user agents need to strip the URL down to an origin to avoid unintentional leakage." Under certain types of redirects, Firefox incorrectly set the source file to be the destination of the redirects. This was fixed to be the redirect destination's origin. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.

Severity: MEDIUM (4.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

References:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1542194
• https://bugzilla.mozilla.org/show_bug.cgi?id=1542194
• [debian-lts-announce] 20210301 [SECURITY] [DLA 2578-1] thunderbird security update
• [debian-lts-announce] 20210301 [SECURITY] [DLA 2578-1] thunderbird security update
• GLSA-202104-09
• GLSA-202104-09
• GLSA-202104-10
• GLSA-202104-10
• DSA-4866
• DSA-4866
• https://www.mozilla.org/security/advisories/mfsa2021-07/
• https://www.mozilla.org/security/advisories/mfsa2021-07/
• https://www.mozilla.org/security/advisories/mfsa2021-08/
• https://www.mozilla.org/security/advisories/mfsa2021-08/
• https://www.mozilla.org/security/advisories/mfsa2021-09/
• https://www.mozilla.org/security/advisories/mfsa2021-09/

Published: 2021-02-26
Modified: 2024-11-21

CVE-2021-23970

Context-specific code was included in a shared jump table; resulting in assertions being triggered in multithreaded wasm code. This vulnerability affects Firefox < 86.

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1681724
• https://bugzilla.mozilla.org/show_bug.cgi?id=1681724
• GLSA-202104-10
• GLSA-202104-10
• https://www.mozilla.org/security/advisories/mfsa2021-07/
• https://www.mozilla.org/security/advisories/mfsa2021-07/

Published: 2021-02-26
Modified: 2024-11-21

CVE-2021-23971

When processing a redirect with a conflicting Referrer-Policy, Firefox would have adopted the redirect's Referrer-Policy. This would have potentially resulted in more information than intended by the original origin being provided to the destination of the redirect. This vulnerability affects Firefox < 86.

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

References:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1678545
• https://bugzilla.mozilla.org/show_bug.cgi?id=1678545
• GLSA-202104-10
• GLSA-202104-10
• https://www.mozilla.org/security/advisories/mfsa2021-07/
• https://www.mozilla.org/security/advisories/mfsa2021-07/

Published: 2021-02-26
Modified: 2024-11-21

CVE-2021-23972

One phishing tactic on the web is to provide a link with HTTP Auth. For example 'https://www.phishingtarget.com@evil.com'. To mitigate this type of attack, Firefox will display a warning dialog; however, this warning dialog would not have been displayed if evil.com used a redirect that was cached by the browser. This vulnerability affects Firefox < 86.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1683536
• https://bugzilla.mozilla.org/show_bug.cgi?id=1683536
• GLSA-202104-10
• GLSA-202104-10
• https://www.mozilla.org/security/advisories/mfsa2021-07/
• https://www.mozilla.org/security/advisories/mfsa2021-07/

Published: 2021-02-26
Modified: 2024-11-21

CVE-2021-23973

When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may have revealed information about the resource. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

References:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1690976
• https://bugzilla.mozilla.org/show_bug.cgi?id=1690976
• [debian-lts-announce] 20210301 [SECURITY] [DLA 2578-1] thunderbird security update
• [debian-lts-announce] 20210301 [SECURITY] [DLA 2578-1] thunderbird security update
• GLSA-202104-09
• GLSA-202104-09
• GLSA-202104-10
• GLSA-202104-10
• DSA-4866
• DSA-4866
• https://www.mozilla.org/security/advisories/mfsa2021-07/
• https://www.mozilla.org/security/advisories/mfsa2021-07/
• https://www.mozilla.org/security/advisories/mfsa2021-08/
• https://www.mozilla.org/security/advisories/mfsa2021-08/
• https://www.mozilla.org/security/advisories/mfsa2021-09/
• https://www.mozilla.org/security/advisories/mfsa2021-09/

Published: 2021-02-26
Modified: 2024-11-21

CVE-2021-23974

The DOMParser API did not properly process '

Severity: MEDIUM (6.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

• https://bugzilla.mozilla.org/buglist.cgi?bug_id=1528997%2C1683627
• https://bugzilla.mozilla.org/buglist.cgi?bug_id=1528997%2C1683627
• GLSA-202104-10
• GLSA-202104-10
• https://www.mozilla.org/security/advisories/mfsa2021-07/
• https://www.mozilla.org/security/advisories/mfsa2021-07/

Published: 2021-02-26
Modified: 2024-11-21

CVE-2021-23975

The developer page about:memory has a Measure function for exploring what object types the browser has allocated and their sizes. When this function was invoked we incorrectly called the sizeof function, instead of using the API method that checks for invalid pointers. This vulnerability affects Firefox < 86.

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

References:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1685145
• https://bugzilla.mozilla.org/show_bug.cgi?id=1685145
• GLSA-202104-10
• GLSA-202104-10
• https://www.mozilla.org/security/advisories/mfsa2021-07/
• https://www.mozilla.org/security/advisories/mfsa2021-07/

Published: 2021-02-26
Modified: 2024-11-21

CVE-2021-23976

When accepting a malicious intent from other installed apps, Firefox for Android accepted manifests from arbitrary file paths and allowed declaring webapp manifests for other origins. This could be used to gain fullscreen access for UI spoofing and could also lead to cross-origin attacks on targeted websites. Note: This issue is a different issue from CVE-2020-26954 and only affected Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox < 86.

Severity: HIGH (8.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

References:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1684627
• https://bugzilla.mozilla.org/show_bug.cgi?id=1684627
• GLSA-202104-10
• GLSA-202104-10
• https://www.mozilla.org/security/advisories/mfsa2021-07/
• https://www.mozilla.org/security/advisories/mfsa2021-07/

Published: 2021-02-26
Modified: 2024-11-21

CVE-2021-23977

Firefox for Android suffered from a time-of-check-time-of-use vulnerability that allowed a malicious application to read sensitive data from application directories. Note: This issue is only affected Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox < 86.

Severity: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

References:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1684761
• https://bugzilla.mozilla.org/show_bug.cgi?id=1684761
• GLSA-202104-10
• GLSA-202104-10
• https://www.mozilla.org/security/advisories/mfsa2021-07/
• https://www.mozilla.org/security/advisories/mfsa2021-07/

Published: 2021-02-26
Modified: 2024-11-21

CVE-2021-23978

Mozilla developers reported memory safety bugs present in Firefox 85 and Firefox ESR 78.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

• https://bugzilla.mozilla.org/buglist.cgi?bug_id=786797%2C1682928%2C1687391%2C1687597
• https://bugzilla.mozilla.org/buglist.cgi?bug_id=786797%2C1682928%2C1687391%2C1687597
• [debian-lts-announce] 20210301 [SECURITY] [DLA 2578-1] thunderbird security update
• [debian-lts-announce] 20210301 [SECURITY] [DLA 2578-1] thunderbird security update
• GLSA-202104-09
• GLSA-202104-09
• GLSA-202104-10
• GLSA-202104-10
• DSA-4866
• DSA-4866
• https://www.mozilla.org/security/advisories/mfsa2021-07/
• https://www.mozilla.org/security/advisories/mfsa2021-07/
• https://www.mozilla.org/security/advisories/mfsa2021-08/
• https://www.mozilla.org/security/advisories/mfsa2021-08/
• https://www.mozilla.org/security/advisories/mfsa2021-09/
• https://www.mozilla.org/security/advisories/mfsa2021-09/

Published: 2021-02-26
Modified: 2024-11-21

CVE-2021-23979

Mozilla developers reported memory safety bugs present in Firefox 85. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 86.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

• https://bugzilla.mozilla.org/buglist.cgi?bug_id=1663222%2C1666607%2C1672120%2C1678463%2C1678927%2C1679560%2C1681297%2C1681684%2C1683490%2C1684377%2C1684902
• https://bugzilla.mozilla.org/buglist.cgi?bug_id=1663222%2C1666607%2C1672120%2C1678463%2C1678927%2C1679560%2C1681297%2C1681684%2C1683490%2C1684377%2C1684902
• https://www.mozilla.org/security/advisories/mfsa2021-07/
• https://www.mozilla.org/security/advisories/mfsa2021-07/

Published: 2021-03-31
Modified: 2024-11-21

CVE-2021-23981

A texture upload of a Pixel Buffer Object could have confused the WebGL code to skip binding the buffer used to unpack it, resulting in memory corruption and a potentially exploitable information leak or crash. This vulnerability affects Firefox ESR < 78.9, Firefox < 87, and Thunderbird < 78.9.

Severity: HIGH (8.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

References:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1692832
• https://bugzilla.mozilla.org/show_bug.cgi?id=1692832
• https://www.mozilla.org/security/advisories/mfsa2021-10/
• https://www.mozilla.org/security/advisories/mfsa2021-10/
• https://www.mozilla.org/security/advisories/mfsa2021-11/
• https://www.mozilla.org/security/advisories/mfsa2021-11/
• https://www.mozilla.org/security/advisories/mfsa2021-12/
• https://www.mozilla.org/security/advisories/mfsa2021-12/

Published: 2021-03-31
Modified: 2024-11-21

CVE-2021-23982

Using techniques that built on the slipstream research, a malicious webpage could have scanned both an internal network's hosts as well as services running on the user's local machine utilizing WebRTC connections. This vulnerability affects Firefox ESR < 78.9, Firefox < 87, and Thunderbird < 78.9.

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

References:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1677046
• https://bugzilla.mozilla.org/show_bug.cgi?id=1677046
• https://www.mozilla.org/security/advisories/mfsa2021-10/
• https://www.mozilla.org/security/advisories/mfsa2021-10/
• https://www.mozilla.org/security/advisories/mfsa2021-11/
• https://www.mozilla.org/security/advisories/mfsa2021-11/
• https://www.mozilla.org/security/advisories/mfsa2021-12/
• https://www.mozilla.org/security/advisories/mfsa2021-12/

Published: 2021-03-31
Modified: 2024-11-21

CVE-2021-23983

By causing a transition on a parent node by removing a CSS rule, an invalid property for a marker could have been applied, resulting in memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 87.

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1692684
• https://bugzilla.mozilla.org/show_bug.cgi?id=1692684
• https://www.mozilla.org/security/advisories/mfsa2021-10/
• https://www.mozilla.org/security/advisories/mfsa2021-10/

Published: 2021-03-31
Modified: 2024-11-21

CVE-2021-23984

A malicious extension could have opened a popup window lacking an address bar. The title of the popup lacking an address bar should not be fully controllable, but in this situation was. This could have been used to spoof a website and attempt to trick the user into providing credentials. This vulnerability affects Firefox ESR < 78.9, Firefox < 87, and Thunderbird < 78.9.

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

References:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1693664
• https://bugzilla.mozilla.org/show_bug.cgi?id=1693664
• https://www.mozilla.org/security/advisories/mfsa2021-10/
• https://www.mozilla.org/security/advisories/mfsa2021-10/
• https://www.mozilla.org/security/advisories/mfsa2021-11/
• https://www.mozilla.org/security/advisories/mfsa2021-11/
• https://www.mozilla.org/security/advisories/mfsa2021-12/
• https://www.mozilla.org/security/advisories/mfsa2021-12/

Published: 2021-03-31
Modified: 2024-11-21

CVE-2021-23985

If an attacker is able to alter specific about:config values (for example malware running on the user's computer), the Devtools remote debugging feature could have been enabled in a way that was unnoticable to the user. This would have allowed a remote attacker (able to make a direct network connection to the victim) to monitor the user's browsing activity and (plaintext) network traffic. This was addressed by providing a visual cue when Devtools has an open network socket. This vulnerability affects Firefox < 87.

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

References:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1659129
• https://bugzilla.mozilla.org/show_bug.cgi?id=1659129
• https://www.mozilla.org/security/advisories/mfsa2021-10/
• https://www.mozilla.org/security/advisories/mfsa2021-10/

Published: 2021-03-31
Modified: 2024-11-21

CVE-2021-23986

A malicious extension with the 'search' permission could have installed a new search engine whose favicon referenced a cross-origin URL. The response to this cross-origin request could have been read by the extension, allowing a same-origin policy bypass by the extension, which should not have cross-origin permissions. This cross-origin request was made without cookies, so the sensitive information disclosed by the violation was limited to local-network resources or resources that perform IP-based authentication. This vulnerability affects Firefox < 87.

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

References:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1692623
• https://bugzilla.mozilla.org/show_bug.cgi?id=1692623
• https://www.mozilla.org/security/advisories/mfsa2021-10/
• https://www.mozilla.org/security/advisories/mfsa2021-10/

Published: 2021-03-31
Modified: 2024-11-21

CVE-2021-23987

Mozilla developers and community members reported memory safety bugs present in Firefox 86 and Firefox ESR 78.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.9, Firefox < 87, and Thunderbird < 78.9.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

• https://bugzilla.mozilla.org/buglist.cgi?bug_id=1513519%2C1683439%2C1690169%2C1690718
• https://bugzilla.mozilla.org/buglist.cgi?bug_id=1513519%2C1683439%2C1690169%2C1690718
• https://www.mozilla.org/security/advisories/mfsa2021-10/
• https://www.mozilla.org/security/advisories/mfsa2021-10/
• https://www.mozilla.org/security/advisories/mfsa2021-11/
• https://www.mozilla.org/security/advisories/mfsa2021-11/
• https://www.mozilla.org/security/advisories/mfsa2021-12/
• https://www.mozilla.org/security/advisories/mfsa2021-12/

Published: 2021-03-31
Modified: 2024-11-21

CVE-2021-23988

Mozilla developers reported memory safety bugs present in Firefox 86. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 87.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

• https://bugzilla.mozilla.org/buglist.cgi?bug_id=1684994%2C1686653
• https://bugzilla.mozilla.org/buglist.cgi?bug_id=1684994%2C1686653
• https://www.mozilla.org/security/advisories/mfsa2021-10/
• https://www.mozilla.org/security/advisories/mfsa2021-10/

Published: 2021-06-24
Modified: 2024-11-21

CVE-2021-23994

A WebGL framebuffer was not initialized early enough, resulting in memory corruption and an out of bound write. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1699077
• https://bugzilla.mozilla.org/show_bug.cgi?id=1699077
• https://www.mozilla.org/security/advisories/mfsa2021-14/
• https://www.mozilla.org/security/advisories/mfsa2021-14/
• https://www.mozilla.org/security/advisories/mfsa2021-15/
• https://www.mozilla.org/security/advisories/mfsa2021-15/
• https://www.mozilla.org/security/advisories/mfsa2021-16/
• https://www.mozilla.org/security/advisories/mfsa2021-16/

Published: 2021-06-24
Modified: 2024-11-21

CVE-2021-23995

When Responsive Design Mode was enabled, it used references to objects that were previously freed. We presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1699835
• https://bugzilla.mozilla.org/show_bug.cgi?id=1699835
• https://www.mozilla.org/security/advisories/mfsa2021-14/
• https://www.mozilla.org/security/advisories/mfsa2021-14/
• https://www.mozilla.org/security/advisories/mfsa2021-15/
• https://www.mozilla.org/security/advisories/mfsa2021-15/
• https://www.mozilla.org/security/advisories/mfsa2021-16/
• https://www.mozilla.org/security/advisories/mfsa2021-16/

Published: 2021-06-24
Modified: 2024-11-21

CVE-2021-23996

By utilizing 3D CSS in conjunction with Javascript, content could have been rendered outside the webpage's viewport, resulting in a spoofing attack that could have been used for phishing or other attacks on a user. This vulnerability affects Firefox < 88.

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

References:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1701834
• https://bugzilla.mozilla.org/show_bug.cgi?id=1701834
• https://www.mozilla.org/security/advisories/mfsa2021-16/
• https://www.mozilla.org/security/advisories/mfsa2021-16/

Published: 2021-06-24
Modified: 2024-11-21

CVE-2021-23997

Due to unexpected data type conversions, a use-after-free could have occurred when interacting with the font cache. We presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox < 88.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1701942
• https://bugzilla.mozilla.org/show_bug.cgi?id=1701942
• https://www.mozilla.org/security/advisories/mfsa2021-16/
• https://www.mozilla.org/security/advisories/mfsa2021-16/

Published: 2021-06-24
Modified: 2024-11-21

CVE-2021-23998

Through complicated navigations with new windows, an HTTP page could have inherited a secure lock icon from an HTTPS page. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

References:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1667456
• https://bugzilla.mozilla.org/show_bug.cgi?id=1667456
• https://www.mozilla.org/security/advisories/mfsa2021-14/
• https://www.mozilla.org/security/advisories/mfsa2021-14/
• https://www.mozilla.org/security/advisories/mfsa2021-15/
• https://www.mozilla.org/security/advisories/mfsa2021-15/
• https://www.mozilla.org/security/advisories/mfsa2021-16/
• https://www.mozilla.org/security/advisories/mfsa2021-16/

Published: 2021-06-24
Modified: 2024-11-21

CVE-2021-23999

If a Blob URL was loaded through some unusual user interaction, it could have been loaded by the System Principal and granted additional privileges that should not be granted to web content. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1691153
• https://bugzilla.mozilla.org/show_bug.cgi?id=1691153
• https://www.mozilla.org/security/advisories/mfsa2021-14/
• https://www.mozilla.org/security/advisories/mfsa2021-14/
• https://www.mozilla.org/security/advisories/mfsa2021-15/
• https://www.mozilla.org/security/advisories/mfsa2021-15/
• https://www.mozilla.org/security/advisories/mfsa2021-16/
• https://www.mozilla.org/security/advisories/mfsa2021-16/

Published: 2021-06-24
Modified: 2024-11-21

CVE-2021-24000

A race condition with requestPointerLock() and setTimeout() could have resulted in a user interacting with one tab when they believed they were on a separate tab. In conjunction with certain elements (such as <input type="file">) this could have led to an attack where a user was confused about the origin of the webpage and potentially disclosed information they did not intend to. This vulnerability affects Firefox < 88.

Severity: LOW (3.1) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

References:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1694698
• https://bugzilla.mozilla.org/show_bug.cgi?id=1694698
• https://www.mozilla.org/security/advisories/mfsa2021-16/
• https://www.mozilla.org/security/advisories/mfsa2021-16/

Published: 2021-06-24
Modified: 2024-11-21

CVE-2021-24001

A compromised content process could have performed session history manipulations it should not have been able to due to testing infrastructure that was not restricted to testing-only configurations. This vulnerability affects Firefox < 88.

Severity: MEDIUM (4.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1694727
• https://bugzilla.mozilla.org/show_bug.cgi?id=1694727
• https://www.mozilla.org/security/advisories/mfsa2021-16/
• https://www.mozilla.org/security/advisories/mfsa2021-16/

Published: 2021-06-24
Modified: 2024-11-21

CVE-2021-24002

When a user clicked on an FTP URL containing encoded newline characters (%0A and %0D), the newlines would have been interpreted as such and allowed arbitrary commands to be sent to the FTP server. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1702374
• https://bugzilla.mozilla.org/show_bug.cgi?id=1702374
• https://www.mozilla.org/security/advisories/mfsa2021-14/
• https://www.mozilla.org/security/advisories/mfsa2021-14/
• https://www.mozilla.org/security/advisories/mfsa2021-15/
• https://www.mozilla.org/security/advisories/mfsa2021-15/
• https://www.mozilla.org/security/advisories/mfsa2021-16/
• https://www.mozilla.org/security/advisories/mfsa2021-16/

Published: 2021-06-24
Modified: 2024-11-21

CVE-2021-29944

Lack of escaping allowed HTML injection when a webpage was viewed in Reader View. While a Content Security Policy prevents direct code execution, HTML injection is still possible. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 88.

Severity: MEDIUM (6.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1697604
• https://bugzilla.mozilla.org/show_bug.cgi?id=1697604
• https://www.mozilla.org/security/advisories/mfsa2021-16/
• https://www.mozilla.org/security/advisories/mfsa2021-16/

Published: 2021-06-24
Modified: 2024-11-21

CVE-2021-29945

The WebAssembly JIT could miscalculate the size of a return type, which could lead to a null read and result in a crash. *Note: This issue only affected x86-32 platforms. Other platforms are unaffected.*. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1700690
• https://bugzilla.mozilla.org/show_bug.cgi?id=1700690
• https://www.mozilla.org/security/advisories/mfsa2021-14/
• https://www.mozilla.org/security/advisories/mfsa2021-14/
• https://www.mozilla.org/security/advisories/mfsa2021-15/
• https://www.mozilla.org/security/advisories/mfsa2021-15/
• https://www.mozilla.org/security/advisories/mfsa2021-16/
• https://www.mozilla.org/security/advisories/mfsa2021-16/

Published: 2021-06-24
Modified: 2024-11-21

CVE-2021-29946

Ports that were written as an integer overflow above the bounds of a 16-bit integer could have bypassed port blocking restrictions when used in the Alt-Svc header. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1698503
• https://bugzilla.mozilla.org/show_bug.cgi?id=1698503
• https://www.mozilla.org/security/advisories/mfsa2021-14/
• https://www.mozilla.org/security/advisories/mfsa2021-14/
• https://www.mozilla.org/security/advisories/mfsa2021-15/
• https://www.mozilla.org/security/advisories/mfsa2021-15/
• https://www.mozilla.org/security/advisories/mfsa2021-16/
• https://www.mozilla.org/security/advisories/mfsa2021-16/

Published: 2021-06-24
Modified: 2024-11-21

CVE-2021-29947

Mozilla developers and community members reported memory safety bugs present in Firefox 87. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 88.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

• https://bugzilla.mozilla.org/buglist.cgi?bug_id=1651449%2C1674142%2C1693476%2C1696886%2C1700091
• https://bugzilla.mozilla.org/buglist.cgi?bug_id=1651449%2C1674142%2C1693476%2C1696886%2C1700091
• https://www.mozilla.org/security/advisories/mfsa2021-16/
• https://www.mozilla.org/security/advisories/mfsa2021-16/

Published: 2021-06-24
Modified: 2024-11-21

CVE-2021-29952

When Web Render components were destructed, a race condition could have caused undefined behavior, and we presume that with enough effort may have been exploitable to run arbitrary code. This vulnerability affects Firefox < 88.0.1 and Firefox for Android < 88.1.3.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1704227
• https://bugzilla.mozilla.org/show_bug.cgi?id=1704227
• https://www.mozilla.org/security/advisories/mfsa2021-20/
• https://www.mozilla.org/security/advisories/mfsa2021-20/

Published: 2021-06-24
Modified: 2024-11-21

CVE-2021-29953

A malicious webpage could have forced a Firefox for Android user into executing attacker-controlled JavaScript in the context of another domain, resulting in a Universal Cross-Site Scripting vulnerability. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected. Further details are being temporarily withheld to allow users an opportunity to update.*. This vulnerability affects Firefox < 88.0.1 and Firefox for Android < 88.1.3.

Severity: MEDIUM (6.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1701684
• https://bugzilla.mozilla.org/show_bug.cgi?id=1701684
• https://www.mozilla.org/security/advisories/mfsa2021-20/
• https://www.mozilla.org/security/advisories/mfsa2021-20/

Published: 2021-06-24
Modified: 2024-11-21

CVE-2021-29955

A transient execution vulnerability, named Floating Point Value Injection (FPVI) allowed an attacker to leak arbitrary memory addresses and may have also enabled JIT type confusion attacks. (A related vulnerability, Speculative Code Store Bypass (SCSB), did not affect Firefox.). This vulnerability affects Firefox ESR < 78.9 and Firefox < 87.

Severity: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

References:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1692972
• https://bugzilla.mozilla.org/show_bug.cgi?id=1692972
• https://www.mozilla.org/security/advisories/mfsa2021-10/
• https://www.mozilla.org/security/advisories/mfsa2021-10/
• https://www.mozilla.org/security/advisories/mfsa2021-11/
• https://www.mozilla.org/security/advisories/mfsa2021-11/

Published: 2021-06-24
Modified: 2024-11-21

CVE-2021-29959

When a user has already allowed a website to access microphone and camera, disabling camera sharing would not fully prevent the website from re-enabling it without an additional prompt. This was only possible if the website kept recording with the microphone until re-enabling the camera. This vulnerability affects Firefox < 89.

Severity: MEDIUM (4.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1395819
• https://bugzilla.mozilla.org/show_bug.cgi?id=1395819
• GLSA-202107-09
• GLSA-202107-09
• https://www.mozilla.org/security/advisories/mfsa2021-23/
• https://www.mozilla.org/security/advisories/mfsa2021-23/

Published: 2021-06-24
Modified: 2024-11-21

CVE-2021-29960

Firefox used to cache the last filename used for printing a file. When generating a filename for printing, Firefox usually suggests the web page title. The caching and suggestion techniques combined may have lead to the title of a website visited during private browsing mode being stored on disk. This vulnerability affects Firefox < 89.

Severity: MEDIUM (4.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

References:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1675965
• https://bugzilla.mozilla.org/show_bug.cgi?id=1675965
• GLSA-202107-09
• GLSA-202107-09
• https://www.mozilla.org/security/advisories/mfsa2021-23/
• https://www.mozilla.org/security/advisories/mfsa2021-23/

Published: 2021-06-24
Modified: 2024-11-21

CVE-2021-29961

When styling and rendering an oversized `

` element, Firefox did not apply correct clipping which allowed an attacker to paint over the user interface. This vulnerability affects Firefox < 89.