CVE-2021-23981HIGH
New! CVE Severity Now Using CVSS v3
The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Description
A texture upload of a Pixel Buffer Object could have confused the WebGL code to skip binding the buffer used to unpack it, resulting in memory corruption and a potentially exploitable information leak or crash. This vulnerability affects Firefox ESR < 78.9, Firefox < 87, and Thunderbird < 78.9.
References
https://www.mozilla.org/security/advisories/mfsa2021-11/
https://www.mozilla.org/security/advisories/mfsa2021-12/
Details
Source: MITRE
Published: 2021-03-31
Updated: 2021-06-24
Type: CWE-119
Risk Information
CVSS v2
Base Score: 5.8
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:P
Impact Score: 4.9
Exploitability Score: 8.6
Severity: MEDIUM
CVSS v3
Base Score: 8.1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Impact Score: 5.2
Exploitability Score: 2.8
Severity: HIGH
Vulnerable Software
Configuration 1
OR
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 151017 | Ubuntu 18.04 LTS : Thunderbird vulnerabilities (USN-4995-2) | Nessus | Ubuntu Local Security Checks | high |
| 150949 | Ubuntu 20.04 LTS / 20.10 : Thunderbird vulnerabilities (USN-4995-1) | Nessus | Ubuntu Local Security Checks | high |
| 150566 | SUSE SLES11 Security Update : MozillaFirefox (SUSE-SU-2021:14684-1) | Nessus | SuSE Local Security Checks | high |
| 149555 | openSUSE Security Update : MozillaThunderbird (openSUSE-2021-580) | Nessus | SuSE Local Security Checks | high |
| 149233 | GLSA-202104-10 : Mozilla Firefox: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 149226 | GLSA-202104-09 : Mozilla Thunderbird: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 148913 | Amazon Linux 2 : thunderbird (ALAS-2021-1632) | Nessus | Amazon Linux Local Security Checks | high |
| 148308 | openSUSE Security Update : MozillaFirefox (openSUSE-2021-487) | Nessus | SuSE Local Security Checks | high |
| 148304 | SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2021:1007-1) | Nessus | SuSE Local Security Checks | high |
| 148276 | SUSE SLES12 Security Update : MozillaFirefox (SUSE-SU-2021:0999-1) | Nessus | SuSE Local Security Checks | high |
| 148235 | Debian DSA-4876-1 : thunderbird - security update | Nessus | Debian Local Security Checks | high |
| 148226 | SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2021:0966-1) | Nessus | SuSE Local Security Checks | high |
| 148206 | Debian DLA-2609-1 : thunderbird security update | Nessus | Debian Local Security Checks | high |
| 148188 | CentOS 8 : firefox (CESA-2021:0990) | Nessus | CentOS Local Security Checks | high |
| 148187 | CentOS 8 : thunderbird (CESA-2021:0993) | Nessus | CentOS Local Security Checks | high |
| 148185 | CentOS 7 : thunderbird (CESA-2021:0996) | Nessus | CentOS Local Security Checks | high |
| 148184 | CentOS 7 : firefox (CESA-2021:0992) | Nessus | CentOS Local Security Checks | high |
| 148183 | Oracle Linux 8 : firefox (ELSA-2021-0990) | Nessus | Oracle Linux Local Security Checks | high |
| 148181 | Oracle Linux 8 : thunderbird (ELSA-2021-0993) | Nessus | Oracle Linux Local Security Checks | high |
| 148169 | Debian DSA-4874-1 : firefox-esr - security update | Nessus | Debian Local Security Checks | high |
| 148166 | Debian DLA-2607-1 : firefox-esr security update | Nessus | Debian Local Security Checks | high |
| 148135 | Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 20.10 : Firefox vulnerabilities (USN-4893-1) | Nessus | Ubuntu Local Security Checks | high |
| 148134 | Oracle Linux 7 : thunderbird (ELSA-2021-0996) | Nessus | Oracle Linux Local Security Checks | high |
| 148127 | Oracle Linux 7 : firefox (ELSA-2021-0992) | Nessus | Oracle Linux Local Security Checks | high |
| 148121 | RHEL 8 : thunderbird (RHSA-2021:0994) | Nessus | Red Hat Local Security Checks | high |
| 148120 | RHEL 8 : firefox (RHSA-2021:0990) | Nessus | Red Hat Local Security Checks | high |
| 148119 | RHEL 8 : firefox (RHSA-2021:0991) | Nessus | Red Hat Local Security Checks | high |
| 148118 | RHEL 8 : firefox (RHSA-2021:0989) | Nessus | Red Hat Local Security Checks | high |
| 148116 | RHEL 8 : thunderbird (RHSA-2021:0993) | Nessus | Red Hat Local Security Checks | high |
| 148115 | RHEL 8 : thunderbird (RHSA-2021:0995) | Nessus | Red Hat Local Security Checks | high |
| 148114 | RHEL 7 : firefox (RHSA-2021:0992) | Nessus | Red Hat Local Security Checks | high |
| 148113 | RHEL 7 : thunderbird (RHSA-2021:0996) | Nessus | Red Hat Local Security Checks | high |
| 148110 | Mozilla Thunderbird < 78.9 | Nessus | Windows | high |
| 148109 | Mozilla Thunderbird < 78.9 | Nessus | MacOS X Local Security Checks | high |
| 148015 | Mozilla Firefox < 87.0 | Nessus | MacOS X Local Security Checks | high |
| 148014 | Mozilla Firefox < 87.0 | Nessus | Windows | high |
| 148013 | Mozilla Firefox ESR < 78.9 | Nessus | MacOS X Local Security Checks | high |
| 148012 | Mozilla Firefox ESR < 78.9 | Nessus | Windows | high |