CVE-2021-23987

HIGH

Description

Mozilla developers and community members reported memory safety bugs present in Firefox 86 and Firefox ESR 78.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.9, Firefox < 87, and Thunderbird < 78.9.

References

https://www.mozilla.org/security/advisories/mfsa2021-11/

https://www.mozilla.org/security/advisories/mfsa2021-12/

https://www.mozilla.org/security/advisories/mfsa2021-10/

https://bugzilla.mozilla.org/buglist.cgi?bug_id=1513519%2C1683439%2C1690169%2C1690718

Details

Source: MITRE

Published: 2021-03-31

Updated: 2021-06-24

Type: CWE-119

Risk Information

CVSS v2

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3

Base Score: 8.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 2.8

Severity: HIGH

Tenable Plugins

| ID | Name | Product | Family | Severity |
| --- | --- | --- | --- | --- |
| 151017 | Ubuntu 18.04 LTS : Thunderbird vulnerabilities (USN-4995-2) | Nessus | Ubuntu Local Security Checks | high |
| 150949 | Ubuntu 20.04 LTS / 20.10 : Thunderbird vulnerabilities (USN-4995-1) | Nessus | Ubuntu Local Security Checks | high |
| 150566 | SUSE SLES11 Security Update : MozillaFirefox (SUSE-SU-2021:14684-1) | Nessus | SuSE Local Security Checks | high |
| 149555 | openSUSE Security Update : MozillaThunderbird (openSUSE-2021-580) | Nessus | SuSE Local Security Checks | high |
| 149233 | GLSA-202104-10 : Mozilla Firefox: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 149226 | GLSA-202104-09 : Mozilla Thunderbird: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 148913 | Amazon Linux 2 : thunderbird (ALAS-2021-1632) | Nessus | Amazon Linux Local Security Checks | high |
| 148308 | openSUSE Security Update : MozillaFirefox (openSUSE-2021-487) | Nessus | SuSE Local Security Checks | high |
| 148304 | SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2021:1007-1) | Nessus | SuSE Local Security Checks | high |
| 148276 | SUSE SLES12 Security Update : MozillaFirefox (SUSE-SU-2021:0999-1) | Nessus | SuSE Local Security Checks | high |
| 148235 | Debian DSA-4876-1 : thunderbird - security update | Nessus | Debian Local Security Checks | high |
| 148226 | SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2021:0966-1) | Nessus | SuSE Local Security Checks | high |
| 148206 | Debian DLA-2609-1 : thunderbird security update | Nessus | Debian Local Security Checks | high |
| 148188 | CentOS 8 : firefox (CESA-2021:0990) | Nessus | CentOS Local Security Checks | high |
| 148187 | CentOS 8 : thunderbird (CESA-2021:0993) | Nessus | CentOS Local Security Checks | high |
| 148185 | CentOS 7 : thunderbird (CESA-2021:0996) | Nessus | CentOS Local Security Checks | high |
| 148184 | CentOS 7 : firefox (CESA-2021:0992) | Nessus | CentOS Local Security Checks | high |
| 148183 | Oracle Linux 8 : firefox (ELSA-2021-0990) | Nessus | Oracle Linux Local Security Checks | high |
| 148181 | Oracle Linux 8 : thunderbird (ELSA-2021-0993) | Nessus | Oracle Linux Local Security Checks | high |
| 148169 | Debian DSA-4874-1 : firefox-esr - security update | Nessus | Debian Local Security Checks | high |
| 148166 | Debian DLA-2607-1 : firefox-esr security update | Nessus | Debian Local Security Checks | high |
| 148135 | Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 20.10 : Firefox vulnerabilities (USN-4893-1) | Nessus | Ubuntu Local Security Checks | high |
| 148134 | Oracle Linux 7 : thunderbird (ELSA-2021-0996) | Nessus | Oracle Linux Local Security Checks | high |
| 148127 | Oracle Linux 7 : firefox (ELSA-2021-0992) | Nessus | Oracle Linux Local Security Checks | high |
| 148121 | RHEL 8 : thunderbird (RHSA-2021:0994) | Nessus | Red Hat Local Security Checks | high |
| 148120 | RHEL 8 : firefox (RHSA-2021:0990) | Nessus | Red Hat Local Security Checks | high |
| 148119 | RHEL 8 : firefox (RHSA-2021:0991) | Nessus | Red Hat Local Security Checks | high |
| 148118 | RHEL 8 : firefox (RHSA-2021:0989) | Nessus | Red Hat Local Security Checks | high |
| 148116 | RHEL 8 : thunderbird (RHSA-2021:0993) | Nessus | Red Hat Local Security Checks | high |
| 148115 | RHEL 8 : thunderbird (RHSA-2021:0995) | Nessus | Red Hat Local Security Checks | high |
| 148114 | RHEL 7 : firefox (RHSA-2021:0992) | Nessus | Red Hat Local Security Checks | high |
| 148113 | RHEL 7 : thunderbird (RHSA-2021:0996) | Nessus | Red Hat Local Security Checks | high |
| 148110 | Mozilla Thunderbird < 78.9 | Nessus | Windows | high |
| 148109 | Mozilla Thunderbird < 78.9 | Nessus | MacOS X Local Security Checks | high |
| 148015 | Mozilla Firefox < 87.0 | Nessus | MacOS X Local Security Checks | high |
| 148014 | Mozilla Firefox < 87.0 | Nessus | Windows | high |
| 148013 | Mozilla Firefox ESR < 78.9 | Nessus | MacOS X Local Security Checks | high |
| 148012 | Mozilla Firefox ESR < 78.9 | Nessus | Windows | high |