CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0CVE-2021-38500 – Mozilla: Memory safety bugs fixed in Firefox 93, Firefox ESR 78.15, and Firefox ESR 91.2
https://notcve.org/view.php?id=CVE-2021-38500
Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.15, Thunderbird < 91.2, Firefox ESR < 91.2, Firefox ESR < 78.15, and Firefox < 93. Los desarrolladores de Mozilla informaron de bugs de seguridad de memoria presentes en Firefox 92 y Firefox ESR 91.1. Algunos de estos bugs mostraban evidencias de corrupción de memoria y suponemos que con suficiente esfuerzo algunos de ellos podrían haber sido explotados para ejecutar código arbitrario. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1725854%2C1728321 https://lists.debian.org/debian-lts-announce/2022/01/msg00001.html https://www.debian.org/security/2022/dsa-5034 https://www.mozilla.org/security/advisories/mfsa2021-43 https://www.mozilla.org/security/advisories/mfsa2021-44 https://www.mozilla.org/security/advisories/mfsa2021-45 https://www.mozilla.org/security/advisories/mfsa2021-46 https://www.mozilla.org/security/advisories/mfsa2021-47 https://access.redhat.com/security& • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-38497 – Mozilla: Validation message could have been overlaid on another origin
https://notcve.org/view.php?id=CVE-2021-38497
Through use of reportValidity() and window.open(), a plain-text validation message could have been overlaid on another origin, leading to possible user confusion and spoofing attacks. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2. Mediante el uso de las funciones reportValidity() y window.open(), un mensaje de comprobación de texto plano podría haberse superpuesto a otro origen, conllevando una posible confusión del usuario y ataques de suplantación. Esta vulnerabilidad afecta a Firefox versiones anteriores a 93, Thunderbird versiones anteriores a 91.2 y Firefox ESR versiones anteriores a 91.2 • https://bugzilla.mozilla.org/show_bug.cgi?id=1726621 https://www.mozilla.org/security/advisories/mfsa2021-43 https://www.mozilla.org/security/advisories/mfsa2021-45 https://www.mozilla.org/security/advisories/mfsa2021-47 https://access.redhat.com/security/cve/CVE-2021-38497 https://bugzilla.redhat.com/show_bug.cgi?id=2011098 • CWE-346: Origin Validation Error CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-38501 – Mozilla: Memory safety bugs fixed in Firefox 93 and Firefox ESR 91.2
https://notcve.org/view.php?id=CVE-2021-38501
Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2. Los desarrolladores de Mozilla informaron de bugs de seguridad de memoria presentes en Firefox 92 y Firefox ESR 91.1. Algunos de estos bugs mostraban evidencias de corrupción de memoria y suponemos que con suficiente esfuerzo algunos de ellos podrían haber sido explotados para ejecutar código arbitrario. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1685354%2C1715755%2C1723176 https://www.mozilla.org/security/advisories/mfsa2021-43 https://www.mozilla.org/security/advisories/mfsa2021-45 https://www.mozilla.org/security/advisories/mfsa2021-47 https://access.redhat.com/security/cve/CVE-2021-38501 https://bugzilla.redhat.com/show_bug.cgi?id=2011101 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-38493 – Mozilla: Memory safety bugs fixed in Firefox 92, Firefox ESR 78.14 and Firefox ESR 91.1
https://notcve.org/view.php?id=CVE-2021-38493
Mozilla developers reported memory safety bugs present in Firefox 91 and Firefox ESR 78.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.14, Thunderbird < 78.14, and Firefox < 92. Los desarrolladores de Mozilla informaron de bugs de seguridad de memoria presentes en Firefox versión 91 y Firefox ESR versión 78.13. Algunos de estos bugs mostraban evidencias de corrupción de memoria y suponemos que con suficiente esfuerzo algunos de ellos podrían haber sido explotados para ejecutar código arbitrario. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1723391%2C1724101%2C1724107 https://security.gentoo.org/glsa/202202-03 https://security.gentoo.org/glsa/202208-14 https://www.mozilla.org/security/advisories/mfsa2021-38 https://www.mozilla.org/security/advisories/mfsa2021-39 https://www.mozilla.org/security/advisories/mfsa2021-42 https://access.redhat.com/security/cve/CVE-2021-38493 https://bugzilla.redhat.com/show_bug.cgi?id=2002119 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 1%CPEs: 3EXPL: 1CVE-2021-29984 – Mozilla: Incorrect instruction reordering during JIT optimization
https://notcve.org/view.php?id=CVE-2021-29984
Instruction reordering resulted in a sequence of instructions that would cause an object to be incorrectly considered during garbage collection. This led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91. Una reordenación de instrucciones resultaba en una secuencia de instrucciones que causaría que un objeto fuera considerado incorrectamente durante la recogida de basura. Esto conllevaba a una corrupción de la memoria y un bloqueo potencialmente explotable. • https://bugzilla.mozilla.org/show_bug.cgi?id=1720031 https://security.gentoo.org/glsa/202202-03 https://security.gentoo.org/glsa/202208-14 https://www.mozilla.org/security/advisories/mfsa2021-33 https://www.mozilla.org/security/advisories/mfsa2021-34 https://www.mozilla.org/security/advisories/mfsa2021-35 https://www.mozilla.org/security/advisories/mfsa2021-36 https://access.redhat.com/security/cve/CVE-2021-29984 https://bugzilla.redhat.com/show_bug.cgi?id=1992420 • CWE-416: Use After Free CWE-787: Out-of-bounds Write •