CVE-2021-29967

high

Description

Mozilla developers reported memory safety bugs present in Firefox 88 and Firefox ESR 78.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.11, Firefox < 89, and Firefox ESR < 78.11.

References

https://bugzilla.mozilla.org/buglist.cgi?bug_id=1602862%2C1703191%2C1703760%2C1704722%2C1706041

https://www.mozilla.org/security/advisories/mfsa2021-23/

https://www.mozilla.org/security/advisories/mfsa2021-24/

https://www.mozilla.org/security/advisories/mfsa2021-26/

Details

Source: MITRE

Published: 2021-06-24

Updated: 2021-06-25

Type: CWE-119

Risk Information

CVSS v2

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3

Base Score: 8.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 2.8

Severity: HIGH

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 151686 | openSUSE 15 Security Update : MozillaThunderbird (openSUSE-SU-2021:2003-1) | Nessus | SuSE Local Security Checks | high |
| 151269 | Amazon Linux 2 : thunderbird (ALAS-2021-1681) | Nessus | Amazon Linux Local Security Checks | high |
| 151069 | openSUSE 15 Security Update : MozillaThunderbird (openSUSE-SU-2021:0910-1) | Nessus | SuSE Local Security Checks | high |
| 151017 | Ubuntu 18.04 LTS : Thunderbird vulnerabilities (USN-4995-2) | Nessus | Ubuntu Local Security Checks | high |
| 150949 | Ubuntu 20.04 LTS / 20.10 : Thunderbird vulnerabilities (USN-4995-1) | Nessus | Ubuntu Local Security Checks | high |
| 150871 | SUSE SLED15 / SLES15 Security Update : MozillaThunderbird (SUSE-SU-2021:2003-1) | Nessus | SuSE Local Security Checks | critical |
| 150838 | CentOS 8 : thunderbird (CESA-2021:2264) | Nessus | CentOS Local Security Checks | high |
| 150765 | CentOS 7 : firefox (CESA-2021:2206) | Nessus | CentOS Local Security Checks | high |
| 150587 | SUSE SLES11 Security Update : MozillaFirefox (SUSE-SU-2021:14743-1) | Nessus | SuSE Local Security Checks | critical |
| 150456 | SUSE SLES15 Security Update : MozillaFirefox (SUSE-SU-2021:1919-1) | Nessus | SuSE Local Security Checks | high |
| 150455 | openSUSE Security Update : MozillaFirefox (openSUSE-2021-858) | Nessus | SuSE Local Security Checks | critical |
| 150448 | Scientific Linux Security Update : thunderbird on SL7.x x86_64 (2021:2263) | Nessus | Scientific Linux Local Security Checks | high |
| 150404 | SUSE SLED12 / SLES12 Security Update : MozillaFirefox (SUSE-SU-2021:1886-1) | Nessus | SuSE Local Security Checks | high |
| 150397 | SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2021:1884-1) | Nessus | SuSE Local Security Checks | high |
| 150385 | CentOS 8 : firefox (CESA-2021:2233) | Nessus | CentOS Local Security Checks | high |
| 150348 | Oracle Linux 8 : thunderbird (ELSA-2021-2264) | Nessus | Oracle Linux Local Security Checks | high |
| 150344 | Oracle Linux 7 : thunderbird (ELSA-2021-2263) | Nessus | Oracle Linux Local Security Checks | high |
| 150333 | Debian DLA-2679-1 : thunderbird security update | Nessus | Debian Local Security Checks | high |
| 150323 | RHEL 8 : thunderbird (RHSA-2021:2261) | Nessus | Red Hat Local Security Checks | high |
| 150322 | RHEL 7 : thunderbird (RHSA-2021:2263) | Nessus | Red Hat Local Security Checks | high |
| 150302 | Debian DSA-4927-1 : thunderbird - security update | Nessus | Debian Local Security Checks | high |
| 150294 | RHEL 8 : firefox (RHSA-2021:2233) | Nessus | Red Hat Local Security Checks | high |
| 150262 | Debian DLA-2673-1 : firefox-esr security update | Nessus | Debian Local Security Checks | high |
| 150238 | Oracle Linux 8 : firefox (ELSA-2021-2233) | Nessus | Oracle Linux Local Security Checks | high |
| 150228 | Debian DSA-4925-1 : firefox-esr - security update | Nessus | Debian Local Security Checks | high |
| 150160 | Scientific Linux Security Update : firefox on SL7.x i686/x86_64 (2021:2206) | Nessus | Scientific Linux Local Security Checks | high |
| 150158 | Mozilla Thunderbird < 78.11 | Nessus | MacOS X Local Security Checks | high |
| 150157 | Mozilla Thunderbird < 78.11 | Nessus | Windows | high |
| 150153 | Oracle Linux 7 : firefox (ELSA-2021-2206) | Nessus | Oracle Linux Local Security Checks | high |
| 150152 | Ubuntu 18.04 LTS / 20.10 / 21.04 : Firefox vulnerabilities (USN-4978-1) | Nessus | Ubuntu Local Security Checks | high |
| 150147 | RHEL 8 : firefox (RHSA-2021:2208) | Nessus | Red Hat Local Security Checks | high |
| 150146 | RHEL 7 : firefox (RHSA-2021:2206) | Nessus | Red Hat Local Security Checks | high |
| 150122 | Mozilla Firefox ESR < 78.11 | Nessus | Windows | high |
| 150121 | Mozilla Firefox ESR < 78.11 | Nessus | MacOS X Local Security Checks | high |
| 150120 | Mozilla Firefox < 89.0 | Nessus | MacOS X Local Security Checks | high |
| 150119 | Mozilla Firefox < 89.0 | Nessus | Windows | high |