CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-29981
https://notcve.org/view.php?id=CVE-2021-29981
An issue present in lowering/register allocation could have led to obscure but deterministic register confusion failures in JITted code that would lead to a potentially exploitable crash. This vulnerability affects Firefox < 91 and Thunderbird < 91. Un problema presente en la asignación de bajada y registro podría haber conllevado a fallos de confusión de registro oscuros pero deterministas en el código JITted que conllevaría un bloqueo potencialmente explotable. Esta vulnerabilidad afecta a Firefox versiones anteriores a 91 y Thunderbird versiones anteriores a 91. • https://bugzilla.mozilla.org/show_bug.cgi?id=1707774 https://security.gentoo.org/glsa/202202-03 https://www.mozilla.org/security/advisories/mfsa2021-33 https://www.mozilla.org/security/advisories/mfsa2021-36 •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2021-29982
https://notcve.org/view.php?id=CVE-2021-29982
Due to incorrect JIT optimization, we incorrectly interpreted data from the wrong type of object, resulting in the potential leak of a single bit of memory. This vulnerability affects Firefox < 91 and Thunderbird < 91. Debido a una optimización JIT incorrecta, interpretamos incorrectamente los datos de un tipo de objeto erróneo, resultando en la posible filtración de un solo bit de memoria. Esta vulnerabilidad afecta a Firefox versiones anteriores a 91 y Thunderbird versiones anteriores a 91. • https://bugzilla.mozilla.org/show_bug.cgi?id=1715318 https://security.gentoo.org/glsa/202202-03 https://www.mozilla.org/security/advisories/mfsa2021-33 https://www.mozilla.org/security/advisories/mfsa2021-36 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-29987
https://notcve.org/view.php?id=CVE-2021-29987
After requesting multiple permissions, and closing the first permission panel, subsequent permission panels will be displayed in a different position but still record a click in the default location, making it possible to trick a user into accepting a permission they did not want to. *This bug only affects Firefox on Linux. Other operating systems are unaffected.*. This vulnerability affects Firefox < 91 and Thunderbird < 91. Después de solicitar múltiples permisos, y cerrar el primer panel de permisos, los paneles de permisos posteriores serán mostrados en una posición diferente pero seguirán registrando un clic en la ubicación predeterminada, haciendo posible engañar a un usuario para que acepte un permiso que no quería. • https://bugzilla.mozilla.org/show_bug.cgi?id=1716129 https://security.gentoo.org/glsa/202202-03 https://www.mozilla.org/security/advisories/mfsa2021-33 https://www.mozilla.org/security/advisories/mfsa2021-36 • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 8.8EPSS: 1%CPEs: 3EXPL: 1CVE-2021-29984 – Mozilla: Incorrect instruction reordering during JIT optimization
https://notcve.org/view.php?id=CVE-2021-29984
Instruction reordering resulted in a sequence of instructions that would cause an object to be incorrectly considered during garbage collection. This led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91. Una reordenación de instrucciones resultaba en una secuencia de instrucciones que causaría que un objeto fuera considerado incorrectamente durante la recogida de basura. Esto conllevaba a una corrupción de la memoria y un bloqueo potencialmente explotable. • https://bugzilla.mozilla.org/show_bug.cgi?id=1720031 https://security.gentoo.org/glsa/202202-03 https://security.gentoo.org/glsa/202208-14 https://www.mozilla.org/security/advisories/mfsa2021-33 https://www.mozilla.org/security/advisories/mfsa2021-34 https://www.mozilla.org/security/advisories/mfsa2021-35 https://www.mozilla.org/security/advisories/mfsa2021-36 https://access.redhat.com/security/cve/CVE-2021-29984 https://bugzilla.redhat.com/show_bug.cgi?id=1992420 • CWE-416: Use After Free CWE-787: Out-of-bounds Write •
CVSS: 8.1EPSS: 1%CPEs: 4EXPL: 1CVE-2021-29986 – Mozilla: Race condition when resolving DNS names could have led to memory corruption
https://notcve.org/view.php?id=CVE-2021-29986
A suspected race condition when calling getaddrinfo led to memory corruption and a potentially exploitable crash. *Note: This issue only affected Linux operating systems. Other operating systems are unaffected.* This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91. Una supuesta condición de carrera cuando se llama a getaddrinfo que conllevaba a una corrupción de la memoria y un bloqueo potencialmente explotable. *Nota: Este problema sólo afectaba a los sistemas operativos Linux. • https://bugzilla.mozilla.org/show_bug.cgi?id=1696138 https://security.gentoo.org/glsa/202202-03 https://security.gentoo.org/glsa/202208-14 https://www.mozilla.org/security/advisories/mfsa2021-33 https://www.mozilla.org/security/advisories/mfsa2021-34 https://www.mozilla.org/security/advisories/mfsa2021-35 https://www.mozilla.org/security/advisories/mfsa2021-36 https://access.redhat.com/security/cve/CVE-2021-29986 https://bugzilla.redhat.com/show_bug.cgi?id=1992417 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •