Headline

CVE-2021-4129: Bug List

Mozilla developers and community members Julian Hector, Randell Jesup, Gabriele Svelto, Tyson Smith, Christian Holler, and Masayuki Nakano reported memory safety bugs present in Firefox 94. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 95, Firefox ESR < 91.4.0, and Thunderbird < 91.4.0.

1 year ago

CVE

Open in Source

#vulnerability #dell #firefox

Thu Dec 22 2022 14:09:06 PST

Bug ID: 1393362, 1736046, 1736751, 1737009, 1739372, 1739421?cve=title

Type

Summary

Product

Comp

Assignee▲

Status▲

Resolution

Updated

1736046

Assertion failure: data.Size() % 8 == 0, at vm/StructuredClone.cpp:727

Core

DOM: postMessage

sphink

RESO

FIXE

2022-08-26

1393362

Unchecked size can lead to zero byte allocation or undefined behavior

Core

Graphics

lsalzman

RESO

FIXE

2022-08-26

1737009

nsTextFragment::SetTo should check given string length

Core

DOM: Core & HTML

masayuki

RESO

FIXE

2022-08-26

1736751

heap-use-after-free in [@ mozilla::TaskController::EnsureMainThreadTasksScheduled]

Core

XPCOM

continuation

RESO

FIXE

2022-08-26

1739372

Crash in [@ VisitDocAccessibleParentDescendantsAtTopLevelInContentProcess<T>]

Core

Disability Access AP

jteh

RESO

FIXE

2022-08-26

1739421

Ensure access to mITimer is done under lock in nsTimerImpl

Core

XPCOM

rjesup

RESO

FIXE

2022-08-26

6 bugs found.

REST | CSV | Feed | iCalendar
Change Columns

Edit Search

File a new bug in the “Core” product

Gentoo Linux Security Advisory 202208-14 - Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. Versions less than 91.12.0 are affected.

2 years ago

Packet Storm

Open in Source

#vulnerability #web #mac #linux

CVE-2021-43542: Security Vulnerabilities fixed in Firefox 95

Using XMLHttpRequest, an attacker could have identified installed applications by probing error messages for loading external protocols. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.

2 years ago

CVE

Open in Source

#xss #vulnerability #web #android #mac #dos #perl #buffer_overflow #dell #firefox

CVE-2021-43528: Security Vulnerabilities fixed in Thunderbird 91.4.0

Thunderbird unexpectedly enabled JavaScript in the composition area. The JavaScript execution context was limited to this area and did not receive chrome-level privileges, but could be used as a stepping stone to further an attack with other vulnerabilities. This vulnerability affects Thunderbird < 91.4.0.

2 years ago

CVE

Open in Source

#vulnerability #dos #java #perl #buffer_overflow #dell #chrome