Headline
CVE-2021-4129: Bug List
Mozilla developers and community members Julian Hector, Randell Jesup, Gabriele Svelto, Tyson Smith, Christian Holler, and Masayuki Nakano reported memory safety bugs present in Firefox 94. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 95, Firefox ESR < 91.4.0, and Thunderbird < 91.4.0.
Thu Dec 22 2022 14:09:06 PST
- Bug ID: 1393362, 1736046, 1736751, 1737009, 1739372, 1739421
| ID | Type | Summary | Product | Comp | Assignee | Status | Resolution | Updated |
|---|---|---|---|---|---|---|---|---|
| 1736046 | | Assertion failure: data.Size() % 8 == 0, at vm/StructuredClone.cpp:727 | Core | DOM: postMessage | sphink | RESO | FIXE | 2022-08-26 |
| 1393362 | | Unchecked size can lead to zero byte allocation or undefined behavior | Core | Graphics | lsalzman | RESO | FIXE | 2022-08-26 |
| 1737009 | | nsTextFragment::SetTo should check given string length | Core | DOM: Core & HTML | masayuki | RESO | FIXE | 2022-08-26 |
| 1736751 | | heap-use-after-free in [@ mozilla::TaskController::EnsureMainThreadTasksScheduled] | Core | XPCOM | continuation | RESO | FIXE | 2022-08-26 |
| 1739372 | | Crash in [@ VisitDocAccessibleParentDescendantsAtTopLevelInContentProcess<T>] | Core | Disability Access AP | jteh | RESO | FIXE | 2022-08-26 |
| 1739421 | | Ensure access to mITimer is done under lock in nsTimerImpl | Core | XPCOM | rjesup | RESO | FIXE | 2022-08-26 |
6 bugs found.
Related news
Gentoo Linux Security Advisory 202208-14 - Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. Versions less than 91.12.0 are affected.
Using XMLHttpRequest, an attacker could have identified installed applications by probing error messages for loading external protocols. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.
Thunderbird unexpectedly enabled JavaScript in the composition area. The JavaScript execution context was limited to this area and did not receive chrome-level privileges, but could be used as a stepping stone to further an attack with other vulnerabilities. This vulnerability affects Thunderbird < 91.4.0.