CVE-2021-38493 – Mozilla: Memory safety bugs fixed in Firefox 92, Firefox ESR 78.14 and Firefox ESR 91.1
https://notcve.org/view.php?id=CVE-2021-38493
Mozilla developers reported memory safety bugs present in Firefox 91 and Firefox ESR 78.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.14, Thunderbird < 78.14, and Firefox < 92. Los desarrolladores de Mozilla informaron de bugs de seguridad de memoria presentes en Firefox versión 91 y Firefox ESR versión 78.13. Algunos de estos bugs mostraban evidencias de corrupción de memoria y suponemos que con suficiente esfuerzo algunos de ellos podrían haber sido explotados para ejecutar código arbitrario. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1723391%2C1724101%2C1724107 https://security.gentoo.org/glsa/202202-03 https://security.gentoo.org/glsa/202208-14 https://www.mozilla.org/security/advisories/mfsa2021-38 https://www.mozilla.org/security/advisories/mfsa2021-39 https://www.mozilla.org/security/advisories/mfsa2021-42 https://access.redhat.com/security/cve/CVE-2021-38493 https://bugzilla.redhat.com/show_bug.cgi?id=2002119 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVE-2021-40529
https://notcve.org/view.php?id=CVE-2021-40529
The ElGamal implementation in Botan through 2.18.1, as used in Thunderbird and other products, allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP. Una implementación de ElGamal en Botan versiones hasta 2.18.1, tal y como se usa en Thunderbird y otros productos, permite una recuperación de texto plano porque, durante la interacción entre dos bibliotecas criptográficas, una determinada combinación peligrosa del primo definido por la clave pública del receptor, el generador definido por la clave pública del receptor y los exponentes efímeros del emisor puede conllevar a un ataque de configuración cruzada contra OpenPGP. • https://eprint.iacr.org/2021/923 https://github.com/randombit/botan/pull/2790 https://ibm.github.io/system-security-research-updates/2021/07/20/insecurity-elgamal-pt1 https://ibm.github.io/system-security-research-updates/2021/09/06/insecurity-elgamal-pt2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/72NB4OLD3VHJC3YF3PEP2HKF6BYURPAO https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UPHGYWNJQKWLTUWBNSFB4F66MQDIL3IB https://security • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVE-2021-29981
https://notcve.org/view.php?id=CVE-2021-29981
An issue present in lowering/register allocation could have led to obscure but deterministic register confusion failures in JITted code that would lead to a potentially exploitable crash. This vulnerability affects Firefox < 91 and Thunderbird < 91. Un problema presente en la asignación de bajada y registro podría haber conllevado a fallos de confusión de registro oscuros pero deterministas en el código JITted que conllevaría un bloqueo potencialmente explotable. Esta vulnerabilidad afecta a Firefox versiones anteriores a 91 y Thunderbird versiones anteriores a 91. • https://bugzilla.mozilla.org/show_bug.cgi?id=1707774 https://security.gentoo.org/glsa/202202-03 https://www.mozilla.org/security/advisories/mfsa2021-33 https://www.mozilla.org/security/advisories/mfsa2021-36 •
CVE-2021-29982
https://notcve.org/view.php?id=CVE-2021-29982
Due to incorrect JIT optimization, we incorrectly interpreted data from the wrong type of object, resulting in the potential leak of a single bit of memory. This vulnerability affects Firefox < 91 and Thunderbird < 91. Debido a una optimización JIT incorrecta, interpretamos incorrectamente los datos de un tipo de objeto erróneo, resultando en la posible filtración de un solo bit de memoria. Esta vulnerabilidad afecta a Firefox versiones anteriores a 91 y Thunderbird versiones anteriores a 91. • https://bugzilla.mozilla.org/show_bug.cgi?id=1715318 https://security.gentoo.org/glsa/202202-03 https://www.mozilla.org/security/advisories/mfsa2021-33 https://www.mozilla.org/security/advisories/mfsa2021-36 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVE-2021-29987
https://notcve.org/view.php?id=CVE-2021-29987
After requesting multiple permissions, and closing the first permission panel, subsequent permission panels will be displayed in a different position but still record a click in the default location, making it possible to trick a user into accepting a permission they did not want to. *This bug only affects Firefox on Linux. Other operating systems are unaffected.*. This vulnerability affects Firefox < 91 and Thunderbird < 91. Después de solicitar múltiples permisos, y cerrar el primer panel de permisos, los paneles de permisos posteriores serán mostrados en una posición diferente pero seguirán registrando un clic en la ubicación predeterminada, haciendo posible engañar a un usuario para que acepte un permiso que no quería. • https://bugzilla.mozilla.org/show_bug.cgi?id=1716129 https://security.gentoo.org/glsa/202202-03 https://www.mozilla.org/security/advisories/mfsa2021-33 https://www.mozilla.org/security/advisories/mfsa2021-36 • CWE-307: Improper Restriction of Excessive Authentication Attempts •