CVE-2021-29967

Summary

CVE	CVE-2021-29967
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2021-06-24 14:15:00 UTC
Updated	2022-12-09 18:30:00 UTC
Description	Mozilla developers reported memory safety bugs present in Firefox 88 and Firefox ESR 78.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.11, Firefox < 89, and Firefox ESR < 78.11.

Risk And Classification

Problem Types: CWE-787

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Mozilla	Firefox	All	All	All	All
Application	Mozilla	Firefox Esr	All	All	All	All
Application	Mozilla	Thunderbird	All	All	All	All

References

Reference	Source	Link	Tags
Security Vulnerabilities fixed in Thunderbird 78.11 — Mozilla	MISC	www.mozilla.org
Bug List	MISC	bugzilla.mozilla.org
Mozilla Thunderbird: Multiple Vulnerabilities (GLSA 202208-14) — Gentoo security	GENTOO	security.gentoo.org
Security Vulnerabilities fixed in Firefox 89 — Mozilla	MISC	www.mozilla.org
Security Vulnerabilities fixed in Firefox ESR 78.11 — Mozilla	MISC	www.mozilla.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

159241 Oracle Enterprise Linux Security Update for firefox (ELSA-2021-2206)
159242 Oracle Enterprise Linux Security Update for firefox (ELSA-2021-2233)
159247 Oracle Enterprise Linux Security Update for thunderbird (ELSA-2021-2263)
159248 Oracle Enterprise Linux Security Update for thunderbird (ELSA-2021-2264)
178651 Debian Security Update for firefox-esr (DSA 4925-1)
178653 Debian Security Update for thunderbird (DSA 4927-1)
178655 Debian Security Update for firefox-esr (DLA 2673-1)
178662 Debian Security Update for thunderbird (DLA 2679-1)
179684 Debian Security Update for firefox-esrthunderbird (CVE-2021-29967)
198397 Ubuntu Security Notification for Firefox vulnerabilities (USN-4978-1)
198415 Ubuntu Security Notification for Thunderbird vulnerabilities (USN-4995-1)
198424 Ubuntu Security Notification for Thunderbird vulnerabilities (USN-4995-2)
239360 Red Hat Update for thunderbird (RHSA-2021:2264)
239361 Red Hat Update for thunderbird (RHSA-2021:2262)
239367 Red Hat Update for firefox (RHSA-2021:2233)
239370 Red Hat Update for firefox (RHSA-2021:2214)
239371 Red Hat Update for firefox (RHSA-2021:2208)
239372 Red Hat Update for firefox (RHSA-2021:2206)
239416 Red Hat Update for thunderbird (RHSA-2021:2263)
239417 Red Hat Update for thunderbird (RHSA-2021:2261)
257094 CentOS Security Update for firefox (CESA-2021:2206)
296053 Oracle Solaris 11.4 Support Repository Update (SRU) 35.94.4 Missing (CPUJUL2021)
296065 Oracle Solaris 11.4 Support Repository Update (SRU) 39.107.1 Missing (CPUOCT2021)
352456 Amazon Linux Security Advisory for thunderbird: ALAS2-2021-1681
375606 Mozilla Firefox Multiple Vulnerabilities (MFSA2021-23)
375607 Mozilla Firefox ESR Multiple Vulnerabilities (MFSA2021-24)
375609 Mozilla Thunderbird Multiple Vulnerabilities (MFSA2021-26)
500934 Alpine Linux Security Update for firefox-esr
501558 Alpine Linux Security Update for firefox
501616 Alpine Linux Security Update for mozjs78
502381 Alpine Linux Security Update for thunderbird
503632 Alpine Linux Security Update for thunderbird
503634 Alpine Linux Security Update for thunderbird
503650 Alpine Linux Security Update for thunderbird
503669 Alpine Linux Security Update for thunderbird
503849 Alpine Linux Security Update for firefox
506260 Alpine Linux Security Update for thunderbird
630721 Mozilla Firefox For Android Multiple Vulnerabilities
710585 Gentoo Linux Mozilla Thunderbird Multiple Vulnerabilities (GLSA 202208-14)
750119 SUSE Enterprise Linux Security Update for MozillaFirefox (SUSE-SU-2021:1884-1)
750123 SUSE Enterprise Linux Security Update for MozillaFirefox (SUSE-SU-2021:1886-1)
750141 SUSE Enterprise Linux Security Update for MozillaFirefox (SUSE-SU-2021:1919-1)
750166 OpenSUSE Security Update for MozillaFirefox (openSUSE-SU-2021:0858-1)
750714 OpenSUSE Security Update for MozillaThunderbird (openSUSE-SU-2021:0910-1)
750815 OpenSUSE Security Update for MozillaThunderbird (openSUSE-SU-2021:2003-1)
750823 OpenSUSE Security Update for MozillaFirefox (openSUSE-SU-2021:1884-1)
940023 AlmaLinux Security Update for thunderbird (ALSA-2021:2264)
940124 AlmaLinux Security Update for firefox (ALSA-2021:2233)
960045 Rocky Linux Security Update for thunderbird (RLSA-2021:2264)
960086 Rocky Linux Security Update for firefox (RLSA-2021:2233)