CVSS: 8.8EPSS: 1%CPEs: 3EXPL: 1CVE-2021-29988 – Mozilla: Memory corruption as a result of incorrect style treatment
https://notcve.org/view.php?id=CVE-2021-29988
16 Aug 2021 — Firefox incorrectly treated an inline list-item element as a block element, resulting in an out of bounds read or memory corruption, and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91. Firefox trataba incorrectamente un elemento de lista en línea como un elemento de bloqueo, resultando en una lectura fuera de límites o una corrupción de la memoria, y un bloqueo potencialmente explotable. Esta vulnerabilidad afecta a Th... • https://bugzilla.mozilla.org/show_bug.cgi?id=1717922 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 8.1EPSS: 3%CPEs: 4EXPL: 1CVE-2021-29986 – Mozilla: Race condition when resolving DNS names could have led to memory corruption
https://notcve.org/view.php?id=CVE-2021-29986
16 Aug 2021 — A suspected race condition when calling getaddrinfo led to memory corruption and a potentially exploitable crash. *Note: This issue only affected Linux operating systems. Other operating systems are unaffected.* This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91. Una supuesta condición de carrera cuando se llama a getaddrinfo que conllevaba a una corrupción de la memoria y un bloqueo potencialmente explotable. *Nota: Este problema sólo afectaba a los sist... • https://bugzilla.mozilla.org/show_bug.cgi?id=1696138 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 8.8EPSS: 2%CPEs: 3EXPL: 1CVE-2021-29984 – Mozilla: Incorrect instruction reordering during JIT optimization
https://notcve.org/view.php?id=CVE-2021-29984
16 Aug 2021 — Instruction reordering resulted in a sequence of instructions that would cause an object to be incorrectly considered during garbage collection. This led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91. Una reordenación de instrucciones resultaba en una secuencia de instrucciones que causaría que un objeto fuera considerado incorrectamente durante la recogida de basura. Esto conllevaba a una cor... • https://bugzilla.mozilla.org/show_bug.cgi?id=1720031 • CWE-416: Use After Free CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 2%CPEs: 3EXPL: 1CVE-2021-29980 – Mozilla: Uninitialized memory in a canvas object could have led to memory corruption
https://notcve.org/view.php?id=CVE-2021-29980
12 Aug 2021 — Uninitialized memory in a canvas object could have caused an incorrect free() leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91. Una memoria no inicializada en un objeto canvas podría haber causado una función free() incorrecta, conllevando a una corrupción de la memoria y un bloqueo potencialmente explotable. Esta vulnerabilidad afecta a Thunderbird versiones anteriores a 78.13, Thunderbi... • https://bugzilla.mozilla.org/show_bug.cgi?id=1722204 • CWE-908: Use of Uninitialized Resource CWE-909: Missing Initialization of Resource •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-29989 – Mozilla: Memory safety bugs fixed in Thunderbird 78.13
https://notcve.org/view.php?id=CVE-2021-29989
12 Aug 2021 — Mozilla developers reported memory safety bugs present in Firefox 90 and Firefox ESR 78.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.13, Firefox ESR < 78.13, and Firefox < 91. Los desarrolladores de Mozilla informaron de bugs de seguridad de memoria presentes en Firefox 90 y Firefox ESR 78.12. Algunos de estos bugs mostraron evidencias de corrupción... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1662676%2C1666184%2C1719178%2C1719998%2C1720568 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 1%CPEs: 3EXPL: 1CVE-2021-29985 – Mozilla: Use-after-free media channels
https://notcve.org/view.php?id=CVE-2021-29985
12 Aug 2021 — A use-after-free vulnerability in media channels could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91. Una vulnerabilidad de uso de la memoria previamente liberada en los canales multimedia podría haber conllevado a una corrupción de la memoria y un bloqueo potencialmente explotable. Esta vulnerabilidad afecta a Thunderbird versiones anteriores a 78.13, Thunderbird versiones anteriores... • https://bugzilla.mozilla.org/show_bug.cgi?id=1722083 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-29976 – Mozilla: Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12
https://notcve.org/view.php?id=CVE-2021-29976
15 Jul 2021 — Mozilla developers reported memory safety bugs present in code shared between Firefox and Thunderbird. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.12, Firefox ESR < 78.12, and Firefox < 90. Los desarrolladores de Mozilla informaron de fallos de seguridad de memoria presentes en el código compartido entre Firefox y Thunderbird. Algunos de estos fallos m... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1700895%2C1703334%2C1706910%2C1711576%2C1714391 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 1%CPEs: 3EXPL: 1CVE-2021-29970 – Mozilla: Use-after-free in accessibility features of a document
https://notcve.org/view.php?id=CVE-2021-29970
15 Jul 2021 — A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially exploitable crash. *This bug could only be triggered when accessibility was enabled.*. This vulnerability affects Thunderbird < 78.12, Firefox ESR < 78.12, and Firefox < 90. Una página web maliciosa podría desencadenar un uso de memoria previamente liberada, una corrupción de memoria y un bloqueo potencialmente explotable. *Este bug sólo podía ser desencadenado cuando la accesibilidad estaba activada. • https://bugzilla.mozilla.org/show_bug.cgi?id=1709976 • CWE-416: Use After Free CWE-787: Out-of-bounds Write •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2021-29955
https://notcve.org/view.php?id=CVE-2021-29955
24 Jun 2021 — A transient execution vulnerability, named Floating Point Value Injection (FPVI) allowed an attacker to leak arbitrary memory addresses and may have also enabled JIT type confusion attacks. (A related vulnerability, Speculative Code Store Bypass (SCSB), did not affect Firefox.). This vulnerability affects Firefox ESR < 78.9 and Firefox < 87. Una vulnerabilidad de ejecución transitoria, denominada Floating Point Value Injection (FPVI) permitía a un atacante filtrar direcciones de memoria arbitrarias y tambié... • https://bugzilla.mozilla.org/show_bug.cgi?id=1692972 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2021-29964
https://notcve.org/view.php?id=CVE-2021-29964
24 Jun 2021 — A locally-installed hostile program could send `WM_COPYDATA` messages that Firefox would process incorrectly, leading to an out-of-bounds read. *This bug only affects Firefox on Windows. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 78.11, Firefox < 89, and Firefox ESR < 78.11. Un programa hostil instalado localmente podría enviar mensajes "WM_COPYDATA" que Firefox procesaría incorrectamente, conllevando una lectura fuera de límites. • https://bugzilla.mozilla.org/show_bug.cgi?id=1706501 • CWE-125: Out-of-bounds Read •