CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-29952
https://notcve.org/view.php?id=CVE-2021-29952
When Web Render components were destructed, a race condition could have caused undefined behavior, and we presume that with enough effort may have been exploitable to run arbitrary code. This vulnerability affects Firefox < 88.0.1 and Firefox for Android < 88.1.3. Cuando se destruían los componentes de Web Render, una condición de carrera podría haber causado un comportamiento indefinido, y presumimos que con suficiente esfuerzo podría haber sido explotable para ejecutar código arbitrario. Esta vulnerabilidad afecta a Firefox versiones anteriores a 88.0.1 y a Firefox para Android versiones anteriores a 88.1.3 • https://bugzilla.mozilla.org/show_bug.cgi?id=1704227 https://www.mozilla.org/security/advisories/mfsa2021-20 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-29951 – Mozilla Windows Maintenance Service Weak DACL
https://notcve.org/view.php?id=CVE-2021-29951
The Mozilla Maintenance Service granted SERVICE_START access to BUILTIN|Users which, in a domain network, grants normal remote users access to start or stop the service. This could be used to prevent the browser update service from operating (if an attacker spammed the 'Stop' command); but also exposed attack surface in the maintenance service. *Note: This issue only affected Windows operating systems older than Win 10 build 1709. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 78.10.1, Firefox < 87, and Firefox ESR < 78.10.1. • https://bugzilla.mozilla.org/show_bug.cgi?id=1690062 https://www.mozilla.org/security/advisories/mfsa2021-10 https://www.mozilla.org/security/advisories/mfsa2021-18 https://www.mozilla.org/security/advisories/mfsa2021-19 • CWE-269: Improper Privilege Management •
CVSS: 3.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-24000
https://notcve.org/view.php?id=CVE-2021-24000
A race condition with requestPointerLock() and setTimeout() could have resulted in a user interacting with one tab when they believed they were on a separate tab. In conjunction with certain elements (such as <input type="file">) this could have led to an attack where a user was confused about the origin of the webpage and potentially disclosed information they did not intend to. This vulnerability affects Firefox < 88. Una condición de carrera con las funciones requestPointerLock() y setTimeout() podría haber resultado en un usuario interactuando con una pestaña cuando creía que estaba en una pestaña separada. En conjunción con determinados elementos (como <input type="file">) esto podría haber conllevado a un ataque donde un usuario se confundiera sobre el origen de la página web y potencialmente revelara información que no pretendía. • https://bugzilla.mozilla.org/show_bug.cgi?id=1694698 https://www.mozilla.org/security/advisories/mfsa2021-16 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-29947
https://notcve.org/view.php?id=CVE-2021-29947
Mozilla developers and community members reported memory safety bugs present in Firefox 87. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 88. Unos desarrolladores y miembros de la comunidad de Mozilla han reportado bugs de seguridad de memoria presentes en Firefox versión 87. Algunos de estos bugs mostraban evidencias de corrupción de memoria y presumimos que con suficiente esfuerzo algunos de ellos podrían haber sido explotados para ejecutar código arbitrario. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1651449%2C1674142%2C1693476%2C1696886%2C1700091 https://www.mozilla.org/security/advisories/mfsa2021-16 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-23997
https://notcve.org/view.php?id=CVE-2021-23997
Due to unexpected data type conversions, a use-after-free could have occurred when interacting with the font cache. We presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox < 88. Debido a conversiones inesperadas de tipos de datos, podría haberse producido un uso de memoria previamente liberada al interactuar con la caché de fuentes. Presumimos que con suficiente esfuerzo esto podría haber sido explotado para ejecutar código arbitrario. • https://bugzilla.mozilla.org/show_bug.cgi?id=1701942 https://www.mozilla.org/security/advisories/mfsa2021-16 • CWE-681: Incorrect Conversion between Numeric Types •