CVE-2021-23981

Published on: 03/31/2021 12:00:00 AM UTC

Last Modified on: 05/03/2022 04:04:00 PM UTC

CVE-2021-23981

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

Certain versions of Firefox from Mozilla contain the following vulnerability:

A texture upload of a Pixel Buffer Object could have confused the WebGL code to skip binding the buffer used to unpack it, resulting in memory corruption and a potentially exploitable information leak or crash. This vulnerability affects Firefox ESR < 78.9, Firefox < 87, and Thunderbird < 78.9.

CVE-2021-23981 has been assigned by [email protected] to track the vulnerability - currently rated as HIGH severity.
Affected Vendor/Software: Mozilla - Firefox ESR version < 78.9
Affected Vendor/Software: Mozilla - Firefox version < 87
Affected Vendor/Software: Mozilla - Thunderbird version < 78.9

CVSS3 Score: 8.1 - HIGH

Attack Vector ^ⓘ	Attack Complexity	Privileges Required	User Interaction
NETWORK	LOW	NONE	REQUIRED
Scope	Confidentiality Impact	Integrity Impact	Availability Impact
UNCHANGED	HIGH	NONE	HIGH

CVSS2 Score: 5.8 - MEDIUM

Access Vector^ⓘ	Access Complexity	Authentication
NETWORK	MEDIUM	NONE
Confidentiality Impact	Integrity Impact	Availability Impact
PARTIAL	NONE	PARTIAL

CVE References

Description	Tags ^ⓘ	Link
Mozilla Firefox: Multiple vulnerabilities (GLSA 202104-10) — Gentoo security	security.gentoo.org text/html	GENTOO GLSA-202104-10
Security Vulnerabilities fixed in Thunderbird 78.9 — Mozilla	www.mozilla.org text/html	MISC www.mozilla.org/security/advisories/mfsa2021-12/
Mozilla Thunderbird: Multiple vulnerabilities (GLSA 202104-09) — Gentoo security	security.gentoo.org text/html	GENTOO GLSA-202104-09
Security Vulnerabilities fixed in Firefox 87 — Mozilla	www.mozilla.org text/html	MISC www.mozilla.org/security/advisories/mfsa2021-10/
Security Vulnerabilities fixed in Firefox ESR 78.9 — Mozilla	www.mozilla.org text/html	MISC www.mozilla.org/security/advisories/mfsa2021-11/
Access Denied	bugzilla.mozilla.org text/html	MISC bugzilla.mozilla.org/show_bug.cgi?id=1692832

By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].

Related QID Numbers

159123 Oracle Enterprise Linux Security Update for firefox (ELSA-2021-0990)
159124 Oracle Enterprise Linux Security Update for firefox (ELSA-2021-0992)
159125 Oracle Enterprise Linux Security Update for thunderbird (ELSA-2021-0993)
159126 Oracle Enterprise Linux Security Update for thunderbird (ELSA-2021-0996)
174866 SUSE Enterprise Linux Security Update for MozillaFirefox (SUSE-SU-2021:0966-1)
174909 SUSE Enterprise Linux Security Update for MozillaFirefox (SUSE-SU-2021:0999-1)
174913 SUSE Enterprise Linux Security Update for MozillaFirefox (SUSE-SU-2021:1007-1)
178504 Debian Security Update for firefox-esr (DLA 2607-1)
178506 Debian Security Update for thunderbird (DLA 2609-1)
178514 Debian Security Update for thunderbird (DSA 4876-1)
178521 Debian Security Update for firefox-esr (DSA 4874-1)
179897 Debian Security Update for firefox-esrthunderbird (CVE-2021-23981)
198311 Ubuntu Security Notification for Firefox Vulnerabilities (USN-4893-1)
198415 Ubuntu Security Notification for Thunderbird vulnerabilities (USN-4995-1)
198424 Ubuntu Security Notification for Thunderbird vulnerabilities (USN-4995-2)
239187 Red Hat Update for thunderbird (RHSA-2021:0996)
239188 Red Hat Update for thunderbird (RHSA-2021:0995)
239189 Red Hat Update for thunderbird (RHSA-2021:0994)
239190 Red Hat Update for thunderbird (RHSA-2021:0993)
239191 Red Hat Update for firefox (RHSA-2021:0992)
239192 Red Hat Update for firefox (RHSA-2021:0991)
239193 Red Hat Update for firefox (RHSA-2021:0990)
239194 Red Hat Update for firefox (RHSA-2021:0989)
257071 CentOS Security Update for firefox (CESA-2021:0992)
257072 CentOS Security Update for thunderbird (CESA-2021:0996)
352266 Amazon Linux Security Advisory for thunderbird: ALAS2-2021-1632
375408 Mozilla Firefox Multiple Vulnerabilities (MFSA2021-10)
375409 Mozilla Firefox ESR Multiple Vulnerabilities (MFSA2021-11)
375412 Mozilla Thunderbird Multiple Vulnerabilities (MFSA2021-12)
500942 Alpine Linux Security Update for firefox-esr
501555 Alpine Linux Security Update for firefox
502379 Alpine Linux Security Update for thunderbird
630668 Mozilla Firefox for Android and iOS Multiple Vulnerabilities (MFSA2021-10)
710019 Gentoo Linux Mozilla Thunderbird Multiple Vulnerabilities (GLSA 202104-09)
710020 Gentoo Linux Mozilla Firefox Multiple Vulnerabilities (GLSA 202104-10)
750260 OpenSUSE Security Update for MozillaThunderbird (openSUSE-SU-2021:0580-1)
750288 OpenSUSE Security Update for MozillaFirefox (openSUSE-SU-2021:0487-1)
940138 AlmaLinux Security Update for thunderbird (ALSA-2021:0993)
940159 AlmaLinux Security Update for firefox (ALSA-2021:0990)

Known Affected Configurations (CPE V2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Mozilla	Firefox	All	All	All	All
Application	Mozilla	Firefox Esr	All	All	All	All
Application	Mozilla	Thunderbird	All	All	All	All

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*:
cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*:
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*:

No vendor comments have been submitted for this CVE

Social Mentions

Source	Title	Posted (UTC)