CVE-2021-29989

Summary

CVE	CVE-2021-29989
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2021-08-17 20:15:00 UTC
Updated	2022-12-09 19:18:00 UTC
Description	Mozilla developers reported memory safety bugs present in Firefox 90 and Firefox ESR 78.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.13, Firefox ESR < 78.13, and Firefox < 91.

Risk And Classification

Problem Types: CWE-787

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Mozilla	Firefox	All	All	All	All
Application	Mozilla	Firefox Esr	All	All	All	All
Application	Mozilla	Thunderbird	All	All	All	All

References

Reference	Source	Link	Tags
Security Vulnerabilities fixed in Firefox 91 — Mozilla	MISC	www.mozilla.org
Bug List	MISC	bugzilla.mozilla.org
Mozilla Thunderbird: Multiple Vulnerabilities (GLSA 202208-14) — Gentoo security	GENTOO	security.gentoo.org
Security Vulnerabilities fixed in Thunderbird 78.13 — Mozilla	MISC	www.mozilla.org
Security Vulnerabilities fixed in Firefox ESR 78.13 — Mozilla	MISC	www.mozilla.org
Mozilla Firefox: Multiple vulnerabilities (GLSA 202202-03) — Gentoo security	GENTOO	security.gentoo.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

159356 Oracle Enterprise Linux Security Update for firefox (ELSA-2021-3154)
159357 Oracle Enterprise Linux Security Update for thunderbird (ELSA-2021-3155)
159358 Oracle Enterprise Linux Security Update for firefox (ELSA-2021-3157)
159360 Oracle Enterprise Linux Security Update for thunderbird (ELSA-2021-3160)
178754 Debian Security Update for firefox-esr (DSA 4956-1)
178757 Debian Security Update for firefox-esr (DLA 2740-1)
178762 Debian Security Update for thunderbird (DSA 4959-1)
178765 Debian Security Update for thunderbird (DLA 2745-1)
181957 Debian Security Update for firefox-esrthunderbird (CVE-2021-29989)
198457 Ubuntu Security Notification for Firefox vulnerabilities (USN-5037-1)
198479 Ubuntu Security Notification for Thunderbird Vulnerabilities (USN-5058-1)
198481 Ubuntu Security Notification for Thunderbird Vulnerabilities (USN-5058-1)
198483 Ubuntu Security Notification for Thunderbird Vulnerabilities (USN-5058-1)
239556 Red Hat Update for thunderbird (RHSA-2021:3160)
239557 Red Hat Update for firefox (RHSA-2021:3159)
239559 Red Hat Update for firefox (RHSA-2021:3157)
239560 Red Hat Update for firefox (RHSA-2021:3156)
239561 Red Hat Update for thunderbird (RHSA-2021:3155)
239562 Red Hat Update for firefox (RHSA-2021:3154)
239571 Red Hat Update for thunderbird (RHSA-2021:3162)
239572 Red Hat Update for thunderbird (RHSA-2021:3161)
257105 CentOS Security Update for firefox (CESA-2021:3154)
257106 CentOS Security Update for thunderbird (CESA-2021:3160)
352834 Amazon Linux Security Advisory for thunderbird: ALAS2-2021-1709
375753 Mozilla Firefox Multiple Vulnerability (MFSA2021-33)
375754 Mozilla Firefox ESR Multiple Vulnerabilities (MFSA2021-34)
375762 Mozilla Thunderbird Multiple Vulnerabilities (MFSA2021-35)
375767 Mozilla Thunderbird Multiple Vulnerabilities (MFSA2021-36)
501551 Alpine Linux Security Update for firefox-esr
501617 Alpine Linux Security Update for mozjs78
502080 Alpine Linux Security Update for firefox
502381 Alpine Linux Security Update for thunderbird
503632 Alpine Linux Security Update for thunderbird
503634 Alpine Linux Security Update for thunderbird
503650 Alpine Linux Security Update for thunderbird
503669 Alpine Linux Security Update for thunderbird
503851 Alpine Linux Security Update for firefox
506260 Alpine Linux Security Update for thunderbird
710574 Gentoo Linux Mozilla Firefox Multiple Vulnerabilities (GLSA 202202-03)
710585 Gentoo Linux Mozilla Thunderbird Multiple Vulnerabilities (GLSA 202208-14)
750969 SUSE Enterprise Linux Security Update for MozillaFirefox (SUSE-SU-2021:2691-1)
750970 SUSE Enterprise Linux Security Update for MozillaFirefox (SUSE-SU-2021:2694-1)
750997 OpenSUSE Security Update for MozillaFirefox (openSUSE-SU-2021:1184-1)
751026 OpenSUSE Security Update for MozillaFirefox (openSUSE-SU-2021:2774-1)
751062 OpenSUSE Security Update for MozillaThunderbird (openSUSE-SU-2021:2874-1)
751210 SUSE Enterprise Linux Security Update for MozillaFirefox (SUSE-SU-2021:3331-1)
751226 OpenSUSE Security Update for MozillaFirefox (openSUSE-SU-2021:3331-1)
751237 OpenSUSE Security Update for MozillaFirefox (openSUSE-SU-2021:3451-1)
751246 OpenSUSE Security Update for MozillaFirefox (openSUSE-SU-2021:1367-1)
751369 SUSE Enterprise Linux Security Update for MozillaFirefox (SUSE-SU-2021:3191-1)
752111 SUSE Enterprise Linux Security Update for MozillaFirefox (SUSE-SU-2022:1582-1)
752113 SUSE Enterprise Linux Security Update for MozillaFirefox (SUSE-SU-2022:1577-1)
940055 AlmaLinux Security Update for thunderbird (ALSA-2021:3155)
940147 AlmaLinux Security Update for firefox (ALSA-2021:3157)
960015 Rocky Linux Security Update for firefox (RLSA-2021:3157)
960029 Rocky Linux Security Update for thunderbird (RLSA-2021:3155)