CVSS: 8.8EPSS: 1%CPEs: 3EXPL: 1CVE-2021-29984 – Mozilla: Incorrect instruction reordering during JIT optimization
https://notcve.org/view.php?id=CVE-2021-29984
Instruction reordering resulted in a sequence of instructions that would cause an object to be incorrectly considered during garbage collection. This led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91. Una reordenación de instrucciones resultaba en una secuencia de instrucciones que causaría que un objeto fuera considerado incorrectamente durante la recogida de basura. Esto conllevaba a una corrupción de la memoria y un bloqueo potencialmente explotable. • https://bugzilla.mozilla.org/show_bug.cgi?id=1720031 https://security.gentoo.org/glsa/202202-03 https://security.gentoo.org/glsa/202208-14 https://www.mozilla.org/security/advisories/mfsa2021-33 https://www.mozilla.org/security/advisories/mfsa2021-34 https://www.mozilla.org/security/advisories/mfsa2021-35 https://www.mozilla.org/security/advisories/mfsa2021-36 https://access.redhat.com/security/cve/CVE-2021-29984 https://bugzilla.redhat.com/show_bug.cgi?id=1992420 • CWE-416: Use After Free CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-29989 – Mozilla: Memory safety bugs fixed in Thunderbird 78.13
https://notcve.org/view.php?id=CVE-2021-29989
Mozilla developers reported memory safety bugs present in Firefox 90 and Firefox ESR 78.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.13, Firefox ESR < 78.13, and Firefox < 91. Los desarrolladores de Mozilla informaron de bugs de seguridad de memoria presentes en Firefox 90 y Firefox ESR 78.12. Algunos de estos bugs mostraron evidencias de corrupción de la memoria y presumimos que con esfuerzo suficiente algunos de ellos podrían haber sido explotados para ejecutar código arbitrario. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1662676%2C1666184%2C1719178%2C1719998%2C1720568 https://security.gentoo.org/glsa/202202-03 https://security.gentoo.org/glsa/202208-14 https://www.mozilla.org/security/advisories/mfsa2021-33 https://www.mozilla.org/security/advisories/mfsa2021-34 https://www.mozilla.org/security/advisories/mfsa2021-35 https://access.redhat.com/security/cve/CVE-2021-29989 https://bugzilla.redhat.com/show_bug.cgi?id=1992423 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 1CVE-2021-29985 – Mozilla: Use-after-free media channels
https://notcve.org/view.php?id=CVE-2021-29985
A use-after-free vulnerability in media channels could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91. Una vulnerabilidad de uso de la memoria previamente liberada en los canales multimedia podría haber conllevado a una corrupción de la memoria y un bloqueo potencialmente explotable. Esta vulnerabilidad afecta a Thunderbird versiones anteriores a 78.13, Thunderbird versiones anteriores a 91, Firefox ESR versiones anteriores a 78.13, y Firefox versiones anteriores a 91. • https://bugzilla.mozilla.org/show_bug.cgi?id=1722083 https://security.gentoo.org/glsa/202202-03 https://security.gentoo.org/glsa/202208-14 https://www.mozilla.org/security/advisories/mfsa2021-33 https://www.mozilla.org/security/advisories/mfsa2021-34 https://www.mozilla.org/security/advisories/mfsa2021-35 https://www.mozilla.org/security/advisories/mfsa2021-36 https://access.redhat.com/security/cve/CVE-2021-29985 https://bugzilla.redhat.com/show_bug.cgi?id=1992422 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 1%CPEs: 3EXPL: 1CVE-2021-29980 – Mozilla: Uninitialized memory in a canvas object could have led to memory corruption
https://notcve.org/view.php?id=CVE-2021-29980
Uninitialized memory in a canvas object could have caused an incorrect free() leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91. Una memoria no inicializada en un objeto canvas podría haber causado una función free() incorrecta, conllevando a una corrupción de la memoria y un bloqueo potencialmente explotable. Esta vulnerabilidad afecta a Thunderbird versiones anteriores a 78.13, Thunderbird versiones anteriores a 91, Firefox ESR versiones anteriores a 78.13 y Firefox versiones anteriores a 91. • https://bugzilla.mozilla.org/show_bug.cgi?id=1722204 https://security.gentoo.org/glsa/202202-03 https://security.gentoo.org/glsa/202208-14 https://www.mozilla.org/security/advisories/mfsa2021-33 https://www.mozilla.org/security/advisories/mfsa2021-34 https://www.mozilla.org/security/advisories/mfsa2021-35 https://www.mozilla.org/security/advisories/mfsa2021-36 https://access.redhat.com/security/cve/CVE-2021-29980 https://bugzilla.redhat.com/show_bug.cgi?id=1992421 • CWE-908: Use of Uninitialized Resource CWE-909: Missing Initialization of Resource •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-29971
https://notcve.org/view.php?id=CVE-2021-29971
If a user had granted a permission to a webpage and saved that grant, any webpage running on the same host - irrespective of scheme or port - would be granted that permission. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 90. Si un usuario ha concedido un permiso a una página web y ha guardado esa concesión, cualquier página web que se ejecute en el mismo host -independientemente del esquema o del puerto- recibirá ese permiso. • https://bugzilla.mozilla.org/show_bug.cgi?id=1713638 https://www.mozilla.org/security/advisories/mfsa2021-28 • CWE-281: Improper Preservation of Permissions •