CVE-2021-43534 – Mozilla: Memory safety bugs fixed in Firefox 94 and Firefox ESR 91.3
https://notcve.org/view.php?id=CVE-2021-43534
Mozilla developers and community members reported memory safety bugs present in Firefox 93 and Firefox ESR 91.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. Los desarrolladores y miembros de la comunidad de Mozilla informaron de bugs de seguridad de memoria presentes en Firefox 93 y Firefox ESR 91.2. Algunos de estos bugs mostraban evidencias de corrupción de memoria y suponemos que con suficiente esfuerzo algunos de ellos podrían haber sido explotados para ejecutar código arbitrario. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1606864%2C1712671%2C1730048%2C1735152 https://lists.debian.org/debian-lts-announce/2021/12/msg00030.html https://lists.debian.org/debian-lts-announce/2022/01/msg00001.html https://www.debian.org/security/2021/dsa-5026 https://www.debian.org/security/2022/dsa-5034 https://www.mozilla.org/security/advisories/mfsa2021-48 https://www.mozilla.org/security/advisories/mfsa2021-49 https://www.mozilla.org/security/advisories/mfsa2021-50 https:/ • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVE-2021-43535 – Mozilla: Use-after-free in HTTP2 Session object
https://notcve.org/view.php?id=CVE-2021-43535
A use-after-free could have occured when an HTTP2 session object was released on a different thread, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 93, Thunderbird < 91.3, and Firefox ESR < 91.3. Podría haberse producido un uso de memoria previamente liberada cuando un objeto de sesión HTTP2 se liberaba en un hilo diferente, conllevando a una corrupción de memoria y un fallo potencialmente explotable. Esta vulnerabilidad afecta a Firefox versiones anteriores a 93, Thunderbird versiones anteriores a 91.3 y Firefox ESR versiones anteriores a 91.3 The Mozilla Foundation Security Advisory describes this flaw as: A use-after-free could have occured when an HTTP2 session object was released on a different thread, leading to memory corruption and a potentially exploitable crash. • https://bugzilla.mozilla.org/show_bug.cgi?id=1667102 https://lists.debian.org/debian-lts-announce/2021/12/msg00030.html https://lists.debian.org/debian-lts-announce/2022/01/msg00001.html https://www.debian.org/security/2021/dsa-5026 https://www.debian.org/security/2022/dsa-5034 https://www.mozilla.org/security/advisories/mfsa2021-43 https://www.mozilla.org/security/advisories/mfsa2021-49 https://www.mozilla.org/security/advisories/mfsa2021-50 https://access.redhat.com/security • CWE-416: Use After Free •
CVE-2021-43543 – Mozilla: Bypass of CSP sandbox directive when embedding
https://notcve.org/view.php?id=CVE-2021-43543
Documents loaded with the CSP sandbox directive could have escaped the sandbox's script restriction by embedding additional content. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. Los documentos cargados con la directiva CSP sandbox podrían escapar de la restricción de scripts del sandbox al insertar contenido adicional. Esta vulnerabilidad afecta a Thunderbird versiones anteriores a 91.4.0, Firefox ESR versiones anteriores a 91.4.0 y Firefox versiones anteriores a 95 • https://bugzilla.mozilla.org/show_bug.cgi?id=1738418 https://lists.debian.org/debian-lts-announce/2021/12/msg00030.html https://lists.debian.org/debian-lts-announce/2022/01/msg00001.html https://security.gentoo.org/glsa/202202-03 https://security.gentoo.org/glsa/202208-14 https://www.debian.org/security/2021/dsa-5026 https://www.debian.org/security/2022/dsa-5034 https://www.mozilla.org/security/advisories/mfsa2021-52 https://www.mozilla.org/security/advisories/mfsa2021-53 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2021-43538 – Mozilla: Missing fullscreen and pointer lock notification when requesting both
https://notcve.org/view.php?id=CVE-2021-43538
By misusing a race in our notification code, an attacker could have forcefully hidden the notification for pages that had received full screen and pointer lock access, which could have been used for spoofing attacks. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. Mediante el uso indebido de una carrera en nuestro código de notificación, un atacante podría haber ocultado a la fuerza la notificación de las páginas que habían recibido acceso a pantalla completa y bloqueo de puntero, lo que podría haber sido usado para ataques de suplantación de identidad. Esta vulnerabilidad afecta a Thunderbird versiones anteriores a 91.4.0, Firefox ESR versiones anteriores a 91.4.0 y Firefox versiones anteriores a 95 The Mozilla Foundation Security Advisory describes this flaw as: By misusing a race in our notification code, an attacker could have forcefully hidden the notification for pages that had received full screen and pointer lock access, which could have been used for spoofing attacks. • https://bugzilla.mozilla.org/show_bug.cgi?id=1739091 https://lists.debian.org/debian-lts-announce/2021/12/msg00030.html https://lists.debian.org/debian-lts-announce/2022/01/msg00001.html https://security.gentoo.org/glsa/202202-03 https://security.gentoo.org/glsa/202208-14 https://www.debian.org/security/2021/dsa-5026 https://www.debian.org/security/2022/dsa-5034 https://www.mozilla.org/security/advisories/mfsa2021-52 https://www.mozilla.org/security/advisories/mfsa2021-53 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVE-2021-43536 – Mozilla: URL leakage when navigating while executing asynchronous function
https://notcve.org/view.php?id=CVE-2021-43536
Under certain circumstances, asynchronous functions could have caused a navigation to fail but expose the target URL. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. En determinadas circunstancias, las funciones asíncronas podrían haber causado el fallo de una navegación pero exponiendo la URL de destino. Esta vulnerabilidad afecta a Thunderbird versiones anteriores a 91.4.0, Firefox ESR versiones anteriores a 91.4.0 y Firefox versiones anteriores a 95 The Mozilla Foundation Security Advisory describes this flaw as: Under certain circumstances, asynchronous functions could have caused a navigation to fail but expose the target URL. • https://bugzilla.mozilla.org/show_bug.cgi?id=1730120 https://lists.debian.org/debian-lts-announce/2021/12/msg00030.html https://lists.debian.org/debian-lts-announce/2022/01/msg00001.html https://security.gentoo.org/glsa/202202-03 https://security.gentoo.org/glsa/202208-14 https://www.debian.org/security/2021/dsa-5026 https://www.debian.org/security/2022/dsa-5034 https://www.mozilla.org/security/advisories/mfsa2021-52 https://www.mozilla.org/security/advisories/mfsa2021-53 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-1021: Improper Restriction of Rendered UI Layers or Frames •