CVE-2021-38496

high

Description

During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.15, Thunderbird < 91.2, Firefox ESR < 91.2, Firefox ESR < 78.15, and Firefox < 93.

References

https://www.mozilla.org/security/advisories/mfsa2021-43/

https://www.mozilla.org/security/advisories/mfsa2021-45/

https://www.mozilla.org/security/advisories/mfsa2021-44/

https://www.mozilla.org/security/advisories/mfsa2021-47/

https://www.mozilla.org/security/advisories/mfsa2021-46/

https://bugzilla.mozilla.org/show_bug.cgi?id=1725335

https://www.debian.org/security/2022/dsa-5034

https://lists.debian.org/debian-lts-announce/2022/01/msg00001.html

Details

Source: MITRE

Published: 2021-11-03

Updated: 2022-01-04

Type: CWE-416

Risk Information

CVSS v2

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3

Base Score: 8.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 2.8

Severity: HIGH

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 156561 | Ubuntu 21.10 : Thunderbird vulnerabilities (USN-5132-1) | Nessus | Ubuntu Local Security Checks | high |
| 156457 | Debian DLA-2874-1 : thunderbird - LTS security update | Nessus | Debian Local Security Checks | critical |
| 156451 | Debian DSA-5034-1 : thunderbird - security update | Nessus | Debian Local Security Checks | critical |
| 156395 | openSUSE 15 Security Update : MozillaThunderbird (openSUSE-SU-2021:1635-1) | Nessus | SuSE Local Security Checks | critical |
| 156292 | SUSE SLED15 / SLES15 Security Update : MozillaThunderbird (SUSE-SU-2021:4150-1) | Nessus | SuSE Local Security Checks | critical |
| 156271 | openSUSE 15 Security Update : MozillaThunderbird (openSUSE-SU-2021:4150-1) | Nessus | SuSE Local Security Checks | critical |
| 155552 | CentOS 7 : thunderbird (CESA-2021:3841) | Nessus | CentOS Local Security Checks | high |
| 155551 | CentOS 7 : firefox (CESA-2021:3791) | Nessus | CentOS Local Security Checks | high |
| 154353 | Oracle Linux 7 : thunderbird (ELSA-2021-3841) | Nessus | Oracle Linux Local Security Checks | high |
| 154341 | Oracle Linux 7 : firefox (ELSA-2021-3791) | Nessus | Oracle Linux Local Security Checks | high |
| 154214 | openSUSE 15 Security Update : MozillaFirefox (openSUSE-SU-2021:1367-1) | Nessus | SuSE Local Security Checks | critical |
| 154212 | SUSE SLES11 Security Update : MozillaFirefox, rust-cbindgen (SUSE-SU-2021:14826-1) | Nessus | SuSE Local Security Checks | critical |
| 154202 | Scientific Linux Security Update : firefox on SL7.x i686/x86_64 (2021:3791) | Nessus | Scientific Linux Local Security Checks | high |
| 154201 | Scientific Linux Security Update : thunderbird on SL7.x x86_64 (2021:3841) | Nessus | Scientific Linux Local Security Checks | high |
| 154193 | openSUSE 15 Security Update : MozillaFirefox (openSUSE-SU-2021:3451-1) | Nessus | SuSE Local Security Checks | critical |
| 154183 | SUSE SLED12 / SLES12 Security Update : MozillaFirefox (SUSE-SU-2021:3446-1) | Nessus | SuSE Local Security Checks | critical |
| 154182 | SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2021:3451-1) | Nessus | SuSE Local Security Checks | critical |
| 154176 | Oracle Linux 8 : thunderbird (ELSA-2021-3838) | Nessus | Oracle Linux Local Security Checks | high |
| 154158 | CentOS 8 : thunderbird (CESA-2021:3838) | Nessus | CentOS Local Security Checks | high |
| 154156 | CentOS 8 : firefox (CESA-2021:3755) | Nessus | CentOS Local Security Checks | high |
| 154143 | RHEL 8 : thunderbird (RHSA-2021:3840) | Nessus | Red Hat Local Security Checks | high |
| 154136 | RHEL 8 : thunderbird (RHSA-2021:3839) | Nessus | Red Hat Local Security Checks | high |
| 154135 | RHEL 8 : thunderbird (RHSA-2021:3838) | Nessus | Red Hat Local Security Checks | high |
| 154134 | RHEL 7 : thunderbird (RHSA-2021:3841) | Nessus | Red Hat Local Security Checks | high |
| 154077 | RHEL 7 : firefox (RHSA-2021:3791) | Nessus | Red Hat Local Security Checks | high |
| 154061 | Mozilla Thunderbird < 78.15 | Nessus | MacOS X Local Security Checks | high |
| 154060 | Mozilla Thunderbird < 78.15 | Nessus | Windows | high |
| 154059 | Mozilla Thunderbird < 91.2 | Nessus | Windows | high |
| 154058 | Mozilla Thunderbird < 91.2 | Nessus | MacOS X Local Security Checks | high |
| 154024 | RHEL 8 : firefox (RHSA-2021:3757) | Nessus | Red Hat Local Security Checks | high |
| 154023 | RHEL 8 : firefox (RHSA-2021:3756) | Nessus | Red Hat Local Security Checks | high |
| 154022 | RHEL 8 : firefox (RHSA-2021:3755) | Nessus | Red Hat Local Security Checks | high |
| 154011 | openSUSE 15 Security Update : MozillaFirefox (openSUSE-SU-2021:3331-1) | Nessus | SuSE Local Security Checks | critical |
| 154003 | SUSE SLES15 Security Update : MozillaFirefox (SUSE-SU-2021:3331-1) | Nessus | SuSE Local Security Checks | critical |
| 153997 | Oracle Linux 8 : firefox (ELSA-2021-3755) | Nessus | Oracle Linux Local Security Checks | high |
| 153996 | Debian DLA-2782-1 : firefox-esr - LTS security update | Nessus | Debian Local Security Checks | critical |
| 153941 | Debian DSA-4981-1 : firefox-esr - security update | Nessus | Debian Local Security Checks | critical |
| 153925 | Ubuntu 18.04 LTS / 20.04 LTS / 21.04 : Firefox vulnerabilities (USN-5107-1) | Nessus | Ubuntu Local Security Checks | high |
| 153881 | Mozilla Firefox < 93.0 | Nessus | Windows | high |
| 153880 | Mozilla Firefox < 93.0 | Nessus | MacOS X Local Security Checks | high |
| 153879 | Mozilla Firefox ESR < 91.2 | Nessus | MacOS X Local Security Checks | high |
| 153878 | Mozilla Firefox ESR < 91.2 | Nessus | Windows | high |
| 153877 | Mozilla Firefox ESR < 78.15 | Nessus | Windows | high |
| 153876 | Mozilla Firefox ESR < 78.15 | Nessus | MacOS X Local Security Checks | high |