CVE-2021-38493

high
Description

Mozilla developers reported memory safety bugs present in Firefox 91 and Firefox ESR 78.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.14, Thunderbird < 78.14, and Firefox < 92.

References

https://www.mozilla.org/security/advisories/mfsa2021-42/

https://www.mozilla.org/security/advisories/mfsa2021-38/

https://www.mozilla.org/security/advisories/mfsa2021-39/

https://bugzilla.mozilla.org/buglist.cgi?bug_id=1723391%2C1724101%2C1724107

Details

Source: MITRE

Published: 2021-11-03

Updated: 2021-11-04

Type: CWE-119

Risk Information

CVSS v2

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3

Base Score: 8.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 2.8

Severity: HIGH

Tenable Plugins

ID | Name | Product | Family | Severity
156395 | openSUSE 15 Security Update : MozillaThunderbird (openSUSE-SU-2021:1635-1) | Nessus | SuSE Local Security Checks | critical
156292 | SUSE SLED15 / SLES15 Security Update : MozillaThunderbird (SUSE-SU-2021:4150-1) | Nessus | SuSE Local Security Checks | critical
156271 | openSUSE 15 Security Update : MozillaThunderbird (openSUSE-SU-2021:4150-1) | Nessus | SuSE Local Security Checks | critical
155308 | Ubuntu 18.04 LTS / 20.04 LTS / 21.04 : Thunderbird vulnerabilities (USN-5146-1) | Nessus | Ubuntu Local Security Checks | high
154912 | Amazon Linux 2 : thunderbird (ALAS-2021-1720) | Nessus | Amazon Linux Local Security Checks | high
153512 | Debian DSA-4973-1 : thunderbird - security update | Nessus | Debian Local Security Checks | high
153473 | CentOS 7 : thunderbird (CESA-2021:3494) | Nessus | CentOS Local Security Checks | high
153472 | CentOS 7 : firefox (CESA-2021:3498) | Nessus | CentOS Local Security Checks | high
153412 | CentOS 8 : firefox (CESA-2021:3497) | Nessus | CentOS Local Security Checks | high
153410 | CentOS 8 : thunderbird (CESA-2021:3499) | Nessus | CentOS Local Security Checks | high
153242 | RHEL 8 : firefox (RHSA-2021:3501) | Nessus | Red Hat Local Security Checks | high
153241 | Oracle Linux 7 : firefox (ELSA-2021-3498) | Nessus | Oracle Linux Local Security Checks | high
153239 | Oracle Linux 8 : thunderbird (ELSA-2021-3499) | Nessus | Oracle Linux Local Security Checks | high
153238 | RHEL 7 : firefox (RHSA-2021:3498) | Nessus | Red Hat Local Security Checks | high
153237 | Oracle Linux 8 : firefox (ELSA-2021-3497) | Nessus | Oracle Linux Local Security Checks | high
153236 | Oracle Linux 7 : thunderbird (ELSA-2021-3494) | Nessus | Oracle Linux Local Security Checks | high
153235 | RHEL 8 : firefox (RHSA-2021:3497) | Nessus | Red Hat Local Security Checks | high
153234 | RHEL 8 : firefox (RHSA-2021:3496) | Nessus | Red Hat Local Security Checks | high
153232 | RHEL 8 : thunderbird (RHSA-2021:3495) | Nessus | Red Hat Local Security Checks | high
153230 | RHEL 8 : thunderbird (RHSA-2021:3500) | Nessus | Red Hat Local Security Checks | high
153229 | RHEL 8 : thunderbird (RHSA-2021:3499) | Nessus | Red Hat Local Security Checks | high
153228 | RHEL 7 : thunderbird (RHSA-2021:3494) | Nessus | Red Hat Local Security Checks | high
153227 | Scientific Linux Security Update : firefox on SL7.x i686/x86_64 (2021:3498) | Nessus | Scientific Linux Local Security Checks | high
153226 | Debian DLA-2757-1 : thunderbird - LTS security update | Nessus | Debian Local Security Checks | high
153225 | Scientific Linux Security Update : thunderbird on SL7.x x86_64 (2021:3494) | Nessus | Scientific Linux Local Security Checks | high
153216 | Debian DLA-2756-1 : firefox-esr - LTS security update | Nessus | Debian Local Security Checks | high
153202 | Debian DSA-4969-1 : firefox-esr - security update | Nessus | Debian Local Security Checks | high
153183 | Ubuntu 18.04 LTS / 20.04 LTS / 21.04 : Firefox vulnerabilities (USN-5074-1) | Nessus | Ubuntu Local Security Checks | high
153112 | Mozilla Thunderbird < 78.14 | Nessus | MacOS X Local Security Checks | high
153111 | Mozilla Thunderbird < 78.14 | Nessus | Windows | high
153091 | Mozilla Firefox ESR < 78.14 | Nessus | MacOS X Local Security Checks | high
153090 | Mozilla Firefox ESR < 78.14 | Nessus | Windows | high
153089 | Mozilla Firefox < 92.0 | Nessus | Windows | high
153088 | Mozilla Firefox < 92.0 | Nessus | MacOS X Local Security Checks | high