Description
There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:
- Mozilla developers reported memory safety bugs present in Firefox 90 and Firefox ESR 78.12. Some of these
bugs showed evidence of memory corruption and we presume that with enough effort some of these could have
been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.13, Firefox ESR < 78.13,
and Firefox < 91. (CVE-2021-29989)
- Uninitialized memory in a canvas object could have caused an incorrect free() leading to memory corruption
and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91,
Firefox ESR < 78.13, and Firefox < 91. (CVE-2021-29980)
- Instruction reordering resulted in a sequence of instructions that would cause an object to be incorrectly
considered during garbage collection. This led to memory corruption and a potentially exploitable crash.
This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91.
(CVE-2021-29984)
- A use-after-free vulnerability in media channels could have led to memory corruption and a potentially
exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13,
and Firefox < 91. (CVE-2021-29985)
- A suspected race condition when calling getaddrinfo led to memory corruption and a potentially exploitable
crash. *Note: This issue only affected Linux operating systems. Other operating systems are unaffected.*
This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91.
(CVE-2021-29986)
Plugin Details
Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security
Risk Information
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C
Vulnerability Information
Exploit Ease: Exploits are available
Vulnerability Publication Date: 8/10/2021