CVE-2021-23964
Published on: 02/26/2021 12:00:00 AM UTC
Last Modified on: 05/03/2022 04:04:00 PM UTC
Certain versions of Firefox from Mozilla contain the following vulnerability:
Mozilla developers reported memory safety bugs present in Firefox 84 and Firefox ESR 78.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7.
- CVE-2021-23964 has been assigned by [email protected] to track the vulnerability - currently rated as HIGH severity.
- Affected Vendor/Software: Mozilla - Firefox version < 85
- Affected Vendor/Software: Mozilla - Thunderbird version < 78.7
- Affected Vendor/Software: Mozilla - Firefox ESR version < 78.7
CVSS3 Score: 8.8 - HIGH
Attack Vector | Attack Complexity | Privileges Required | User Interaction |
---|---|---|---|
NETWORK | LOW | NONE | REQUIRED |

Scope | Confidentiality Impact | Integrity Impact | Availability Impact |
---|---|---|---|
UNCHANGED | HIGH | HIGH | HIGH |
CVSS2 Score: 6.8 - MEDIUM
Access Vector | Access Complexity | Authentication |
---|---|---|
NETWORK | MEDIUM | NONE |

Confidentiality Impact | Integrity Impact | Availability Impact |
---|---|---|
PARTIAL | PARTIAL | PARTIAL |
CVE References
Description | Tags | Link |
---|---|---|
Bug List | Broken Link, Issue Tracking, Vendor Advisory | bugzilla.mozilla.org (text/html) |
Security Vulnerabilities fixed in Firefox 85 — Mozilla | Release Notes, Vendor Advisory | www.mozilla.org (text/html) |
Security Vulnerabilities fixed in Firefox ESR 78.7 — Mozilla | Release Notes, Vendor Advisory | www.mozilla.org (text/html) |
Security Vulnerabilities fixed in Thunderbird 78.7 — Mozilla | Release Notes, Vendor Advisory | www.mozilla.org (text/html) |
Related QID Numbers
- 174740 SUSE Enterprise Linux Security update for MozillaFirefox (SUSE-SU-2021:0246-1)
- 179721 Debian Security Update for firefox-esrthunderbird (CVE-2021-23964)
- 375430 SeaMonkey Multiple Vulnerabilities
- 500940 Alpine Linux Security Update for firefox-esr
- 501554 Alpine Linux Security Update for firefox
- 501623 Alpine Linux Security Update for mozjs78
- 502378 Alpine Linux Security Update for thunderbird
- 750377 OpenSUSE Security Update for MozillaFirefox (openSUSE-SU-2021:0223-1)
- 750378 OpenSUSE Security Update for MozillaFirefox (openSUSE-SU-2021:0222-1)
- 750379 OpenSUSE Security Update for MozillaThunderbird (openSUSE-SU-2021:0208-1)
- 750380 OpenSUSE Security Update for MozillaThunderbird (openSUSE-SU-2021:0209-1)
Known Affected Configurations (CPE V2.3)
Type | Vendor | Product | Version | Update | Edition | Language |
---|---|---|---|---|---|---|
Application | Mozilla | Firefox | All | All | All | All |
Application | Mozilla | Firefox Esr | All | All | All | All |
Application | Mozilla | Thunderbird | All | All | All | All |
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
No vendor comments have been submitted for this CVE