CVE-2021-23981 (GCVE-0-2021-23981)
Vulnerability from cvelistv5 – Published: 2021-03-31 13:42 – Updated: 2024-08-03 19:14

Texture upload into an unbound backing buffer resulted in an out-of-bound read
| URL | Tags |
|---|---|
| https://www.mozilla.org/security/advisories/mfsa2… | x_refsource_MISC |
| https://www.mozilla.org/security/advisories/mfsa2… | x_refsource_MISC |
| https://www.mozilla.org/security/advisories/mfsa2… | x_refsource_MISC |
| https://bugzilla.mozilla.org/show_bug.cgi?id=1692832 | x_refsource_MISC |
| Vendor | Product | Version |
|---|---|---|
| Mozilla | Firefox ESR | Affected: unspecified, < 78.9 (custom) |
| Mozilla | Firefox | Affected: unspecified, < 87 (custom) |
| Mozilla | Thunderbird | Affected: unspecified, < 78.9 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:14:09.984Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2021-10/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2021-12/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2021-11/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1692832"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Firefox ESR",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "78.9",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "87",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "78.9",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A texture upload of a Pixel Buffer Object could have confused the WebGL code to skip binding the buffer used to unpack it, resulting in memory corruption and a potentially exploitable information leak or crash. This vulnerability affects Firefox ESR \u003c 78.9, Firefox \u003c 87, and Thunderbird \u003c 78.9."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Texture upload into an unbound backing buffer resulted in an out-of-bound read",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-24T13:28:55.000Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2021-10/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2021-12/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2021-11/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1692832"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2021-23981",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "78.9"
}
]
}
},
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "87"
}
]
}
},
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "78.9"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A texture upload of a Pixel Buffer Object could have confused the WebGL code to skip binding the buffer used to unpack it, resulting in memory corruption and a potentially exploitable information leak or crash. This vulnerability affects Firefox ESR \u003c 78.9, Firefox \u003c 87, and Thunderbird \u003c 78.9."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Texture upload into an unbound backing buffer resulted in an out-of-bound read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.mozilla.org/security/advisories/mfsa2021-10/",
"refsource": "MISC",
"url": "https://www.mozilla.org/security/advisories/mfsa2021-10/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2021-12/",
"refsource": "MISC",
"url": "https://www.mozilla.org/security/advisories/mfsa2021-12/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2021-11/",
"refsource": "MISC",
"url": "https://www.mozilla.org/security/advisories/mfsa2021-11/"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1692832",
"refsource": "MISC",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1692832"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2021-23981",
"datePublished": "2021-03-31T13:42:17.000Z",
"dateReserved": "2021-01-13T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:14:09.984Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2021-23981",
"date": "2026-05-22",
"epss": "0.00369",
"percentile": "0.58908"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"87.0\", \"matchCriteriaId\": \"3533FF74-0FD6-447B-9C37-D491D18EA529\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"78.9\", \"matchCriteriaId\": \"907D294D-2667-4A67-A4B7-2DDE46BE592D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"78.9\", \"matchCriteriaId\": \"AB6DE7E3-8F1B-4525-8992-FCDC7CC063D3\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"A texture upload of a Pixel Buffer Object could have confused the WebGL code to skip binding the buffer used to unpack it, resulting in memory corruption and a potentially exploitable information leak or crash. This vulnerability affects Firefox ESR \u003c 78.9, Firefox \u003c 87, and Thunderbird \u003c 78.9.\"}, {\"lang\": \"es\", \"value\": \"Una carga de textura de un Objeto de B\\u00fafer de P\\u00edxeles podr\\u00eda haber confundido el c\\u00f3digo WebGL para omitir el enlace del b\\u00fafer usado para descomprimirlo, resultando en la corrupci\\u00f3n de la memoria y una filtraci\\u00f3n o bloqueo de informaci\\u00f3n potencialmente explotable. Esta vulnerabilidad afecta a Firefox ESR versi\\u00f3n 78.9, Firefox versiones anteriores a 87, and Thunderbird versiones anteriores a 78.9.\"}]",
"id": "CVE-2021-23981",
"lastModified": "2024-11-21T05:52:08.893",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H\", \"baseScore\": 8.1, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.2}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:N/A:P\", \"baseScore\": 5.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 4.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
"published": "2021-03-31T14:15:18.907",
"references": "[{\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=1692832\", \"source\": \"security@mozilla.org\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2021-10/\", \"source\": \"security@mozilla.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2021-11/\", \"source\": \"security@mozilla.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2021-12/\", \"source\": \"security@mozilla.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=1692832\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2021-10/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2021-11/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2021-12/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
"sourceIdentifier": "security@mozilla.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-787\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2021-23981\",\"sourceIdentifier\":\"security@mozilla.org\",\"published\":\"2021-03-31T14:15:18.907\",\"lastModified\":\"2024-11-21T05:52:08.893\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A texture upload of a Pixel Buffer Object could have confused the WebGL code to skip binding the buffer used to unpack it, resulting in memory corruption and a potentially exploitable information leak or crash. This vulnerability affects Firefox ESR \u003c 78.9, Firefox \u003c 87, and Thunderbird \u003c 78.9.\"},{\"lang\":\"es\",\"value\":\"Una carga de textura de un Objeto de B\u00fafer de P\u00edxeles podr\u00eda haber confundido el c\u00f3digo WebGL para omitir el enlace del b\u00fafer usado para descomprimirlo, resultando en la corrupci\u00f3n de la memoria y una filtraci\u00f3n o bloqueo de informaci\u00f3n potencialmente explotable. Esta vulnerabilidad afecta a Firefox ESR versi\u00f3n 78.9, Firefox versiones anteriores a 87, and Thunderbird versiones anteriores a 
78.9.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.2}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:N/A:P\",\"baseScore\":5.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"87.0\",\"matchCriteriaId\":\"3533FF74-0FD6-447B-9C37-D491D18EA529\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"78.9\",\"matchCriteriaId\":\"907D294D-2667-4A67-A4B7-2DDE46BE592D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"78.9\",\"matchCriteriaId\":\"AB6DE7E3-8F1B-4525-8992-FCDC7CC063D3\"}]}]}],\"references\":[{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=1692832\",\"source\":\"security@mozilla.org\",\"tags\":[\"Issue 
Tracking\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2021-10/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2021-11/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2021-12/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=1692832\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2021-10/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2021-11/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2021-12/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
CERTFR-2021-AVI-215
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Mozilla Firefox et Firefox ESR. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire et un déni de service.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description |
|---|---|---|
| Mozilla | Firefox ESR | Firefox ESR versions antérieures à 78.9 |
| Mozilla | Firefox ESR | Firefox versions antérieures à 87 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Firefox ESR versions ant\u00e9rieures \u00e0 78.9",
"product": {
"name": "Firefox ESR",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Firefox versions ant\u00e9rieures \u00e0 87",
"product": {
"name": "Firefox ESR",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-23986",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23986"
},
{
"name": "CVE-2021-23988",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23988"
},
{
"name": "CVE-2021-23983",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23983"
},
{
"name": "CVE-2021-23981",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23981"
},
{
"name": "CVE-2021-23985",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23985"
},
{
"name": "CVE-2021-23984",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23984"
},
{
"name": "CVE-2021-23987",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23987"
},
{
"name": "CVE-2021-23982",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23982"
}
],
"links": [],
"reference": "CERTFR-2021-AVI-215",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-03-24T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Mozilla Firefox et\nFirefox ESR. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une\nex\u00e9cution de code arbitraire et un d\u00e9ni de service.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Mozilla Firefox et Firefox ESR",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2021-10 du 23 mars 2021",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-10/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2021-11 du 23 mars 2021",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-11/"
}
]
}
CERTFR-2021-AVI-216
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Mozilla Thunderbird. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description |
|---|---|---|
| Mozilla | Thunderbird | Thunderbird versions antérieures à 78.9 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Thunderbird versions ant\u00e9rieures \u00e0 78.9",
"product": {
"name": "Thunderbird",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-23981",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23981"
},
{
"name": "CVE-2021-23984",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23984"
},
{
"name": "CVE-2021-23987",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23987"
},
{
"name": "CVE-2021-23982",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23982"
}
],
"links": [],
"reference": "CERTFR-2021-AVI-216",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-03-24T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Mozilla\nThunderbird. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une\nex\u00e9cution de code arbitraire et un contournement de la politique de\ns\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Mozilla Thunderbird",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2021-12 du 23 mars 2021",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-12/"
}
]
}
CERTFR-2021-AVI-215
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Mozilla Firefox et Firefox ESR. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire et un déni de service.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description |
|---|---|---|
| Mozilla | Firefox ESR | Firefox ESR versions antérieures à 78.9 |
| Mozilla | Firefox ESR | Firefox versions antérieures à 87 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Firefox ESR versions ant\u00e9rieures \u00e0 78.9",
"product": {
"name": "Firefox ESR",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Firefox versions ant\u00e9rieures \u00e0 87",
"product": {
"name": "Firefox ESR",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-23986",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23986"
},
{
"name": "CVE-2021-23988",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23988"
},
{
"name": "CVE-2021-23983",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23983"
},
{
"name": "CVE-2021-23981",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23981"
},
{
"name": "CVE-2021-23985",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23985"
},
{
"name": "CVE-2021-23984",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23984"
},
{
"name": "CVE-2021-23987",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23987"
},
{
"name": "CVE-2021-23982",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23982"
}
],
"links": [],
"reference": "CERTFR-2021-AVI-215",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-03-24T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Mozilla Firefox et\nFirefox ESR. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une\nex\u00e9cution de code arbitraire et un d\u00e9ni de service.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Mozilla Firefox et Firefox ESR",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2021-10 du 23 mars 2021",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-10/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2021-11 du 23 mars 2021",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-11/"
}
]
}
CERTFR-2021-AVI-216
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Mozilla Thunderbird. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description |
|---|---|---|
| Mozilla | Thunderbird | Thunderbird versions antérieures à 78.9 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Thunderbird versions ant\u00e9rieures \u00e0 78.9",
"product": {
"name": "Thunderbird",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-23981",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23981"
},
{
"name": "CVE-2021-23984",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23984"
},
{
"name": "CVE-2021-23987",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23987"
},
{
"name": "CVE-2021-23982",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23982"
}
],
"links": [],
"reference": "CERTFR-2021-AVI-216",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-03-24T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Mozilla\nThunderbird. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une\nex\u00e9cution de code arbitraire et un contournement de la politique de\ns\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Mozilla Thunderbird",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2021-12 du 23 mars 2021",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-12/"
}
]
}
CNVD-2021-27929
Vulnerability from cnvd - Published: 2021-04-13

用户可参考如下厂商提供的安全补丁以修复该漏洞: https://www.mozilla.org/en-US/security/advisories/mfsa2021-10/

| Name | ['Mozilla Firefox <87', 'Mozilla Firefox ESR <78.9', 'Mozilla Thunderbird <78.9'] |
|---|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2021-23981",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-23981"
}
},
"description": "Mozilla Firefox\u662f\u7f8e\u56fdMozilla\u57fa\u91d1\u4f1a\u7684\u4e00\u6b3e\u5f00\u6e90Web\u6d4f\u89c8\u5668\u3002\n\nMozilla Firefox\u5b58\u5728\u8d8a\u754c\u8bfb\u53d6\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u4e0a\u4f20\u50cf\u7d20\u7f13\u51b2\u533a\u5bf9\u8c61\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u5185\u5b58\u7834\u574f\u4ee5\u53ca\u4fe1\u606f\u6cc4\u6f0f\u6216\u5d29\u6e83\u3002",
"formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2021-10/",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2021-27929",
"openTime": "2021-04-13",
"patchDescription": "Mozilla Firefox\u662f\u7f8e\u56fdMozilla\u57fa\u91d1\u4f1a\u7684\u4e00\u6b3e\u5f00\u6e90Web\u6d4f\u89c8\u5668\u3002\r\n\r\nMozilla Firefox\u5b58\u5728\u8d8a\u754c\u8bfb\u53d6\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u4e0a\u4f20\u50cf\u7d20\u7f13\u51b2\u533a\u5bf9\u8c61\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u5185\u5b58\u7834\u574f\u4ee5\u53ca\u4fe1\u606f\u6cc4\u6f0f\u6216\u5d29\u6e83\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Mozilla Firefox\u8d8a\u754c\u8bfb\u53d6\u6f0f\u6d1e\uff08CNVD-2021-27929\uff09\u7684\u8865\u4e01",
"products": {
"product": [
"Mozilla Firefox \u003c87",
"Mozilla Firefox ESR \u003c78.9",
"Mozilla Thunderbird \u003c78.9"
]
},
"referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2021-23981",
"serverity": "\u4e2d",
"submitTime": "2021-03-26",
"title": "Mozilla Firefox\u8d8a\u754c\u8bfb\u53d6\u6f0f\u6d1e\uff08CNVD-2021-27929\uff09"
}
FKIE_CVE-2021-23981
Vulnerability from fkie_nvd - Published: 2021-03-31 14:15 - Updated: 2024-11-21 05:52

| Vendor | Product | Version |
|---|---|---|
| mozilla | firefox | * |
| mozilla | firefox_esr | * |
| mozilla | thunderbird | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3533FF74-0FD6-447B-9C37-D491D18EA529",
"versionEndExcluding": "87.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "907D294D-2667-4A67-A4B7-2DDE46BE592D",
"versionEndExcluding": "78.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AB6DE7E3-8F1B-4525-8992-FCDC7CC063D3",
"versionEndExcluding": "78.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A texture upload of a Pixel Buffer Object could have confused the WebGL code to skip binding the buffer used to unpack it, resulting in memory corruption and a potentially exploitable information leak or crash. This vulnerability affects Firefox ESR \u003c 78.9, Firefox \u003c 87, and Thunderbird \u003c 78.9."
},
{
"lang": "es",
"value": "Una carga de textura de un Objeto de B\u00fafer de P\u00edxeles podr\u00eda haber confundido el c\u00f3digo WebGL para omitir el enlace del b\u00fafer usado para descomprimirlo, resultando en la corrupci\u00f3n de la memoria y una filtraci\u00f3n o bloqueo de informaci\u00f3n potencialmente explotable. Esta vulnerabilidad afecta a Firefox ESR versi\u00f3n 78.9, Firefox versiones anteriores a 87, and Thunderbird versiones anteriores a 78.9."
}
],
"id": "CVE-2021-23981",
"lastModified": "2024-11-21T05:52:08.893",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-31T14:15:18.907",
"references": [
{
"source": "security@mozilla.org",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1692832"
},
{
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2021-10/"
},
{
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2021-11/"
},
{
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2021-12/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1692832"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2021-10/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2021-11/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2021-12/"
}
],
"sourceIdentifier": "security@mozilla.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-6HWG-29MR-QGF8
Vulnerability from github – Published: 2022-05-24 17:45 – Updated: 2022-05-24 17:45
A texture upload of a Pixel Buffer Object could have confused the WebGL code to skip binding the buffer used to unpack it, resulting in memory corruption and a potentially exploitable information leak or crash. This vulnerability affects Firefox ESR < 78.9, Thunderbird < 78.9, and Firefox < 87.
{
"affected": [],
"aliases": [
"CVE-2021-23981"
],
"database_specific": {
"cwe_ids": [
"CWE-119",
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-03-31T14:15:00Z",
"severity": "HIGH"
},
"details": "A texture upload of a Pixel Buffer Object could have confused the WebGL code to skip binding the buffer used to unpack it, resulting in memory corruption and a potentially exploitable information leak or crash. This vulnerability affects Firefox ESR \u003c 78.9, Thunderbird \u003c 78.9, and Firefox \u003c 87.",
"id": "GHSA-6hwg-29mr-qgf8",
"modified": "2022-05-24T17:45:59Z",
"published": "2022-05-24T17:45:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23981"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1692832"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202104-09"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202104-10"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2021-10"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2021-11"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2021-12"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GSD-2021-23981
Vulnerability from gsd - Updated: 2023-12-13 01:23
{
"GSD": {
"alias": "CVE-2021-23981",
"description": "A texture upload of a Pixel Buffer Object could have confused the WebGL code to skip binding the buffer used to unpack it, resulting in memory corruption and a potentially exploitable information leak or crash. This vulnerability affects Firefox ESR \u003c 78.9, Firefox \u003c 87, and Thunderbird \u003c 78.9.",
"id": "GSD-2021-23981",
"references": [
"https://www.suse.com/security/cve/CVE-2021-23981.html",
"https://www.debian.org/security/2021/dsa-4876",
"https://www.debian.org/security/2021/dsa-4874",
"https://access.redhat.com/errata/RHSA-2021:0996",
"https://access.redhat.com/errata/RHSA-2021:0995",
"https://access.redhat.com/errata/RHSA-2021:0994",
"https://access.redhat.com/errata/RHSA-2021:0993",
"https://access.redhat.com/errata/RHSA-2021:0992",
"https://access.redhat.com/errata/RHSA-2021:0991",
"https://access.redhat.com/errata/RHSA-2021:0990",
"https://access.redhat.com/errata/RHSA-2021:0989",
"https://ubuntu.com/security/CVE-2021-23981",
"https://advisories.mageia.org/CVE-2021-23981.html",
"https://security.archlinux.org/CVE-2021-23981",
"https://linux.oracle.com/cve/CVE-2021-23981.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2021-23981"
],
"details": "A texture upload of a Pixel Buffer Object could have confused the WebGL code to skip binding the buffer used to unpack it, resulting in memory corruption and a potentially exploitable information leak or crash. This vulnerability affects Firefox ESR \u003c 78.9, Firefox \u003c 87, and Thunderbird \u003c 78.9.",
"id": "GSD-2021-23981",
"modified": "2023-12-13T01:23:29.892363Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2021-23981",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "78.9"
}
]
}
},
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "87"
}
]
}
},
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "78.9"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A texture upload of a Pixel Buffer Object could have confused the WebGL code to skip binding the buffer used to unpack it, resulting in memory corruption and a potentially exploitable information leak or crash. This vulnerability affects Firefox ESR \u003c 78.9, Firefox \u003c 87, and Thunderbird \u003c 78.9."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Texture upload into an unbound backing buffer resulted in an out-of-bound read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.mozilla.org/security/advisories/mfsa2021-10/",
"refsource": "MISC",
"url": "https://www.mozilla.org/security/advisories/mfsa2021-10/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2021-12/",
"refsource": "MISC",
"url": "https://www.mozilla.org/security/advisories/mfsa2021-12/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2021-11/",
"refsource": "MISC",
"url": "https://www.mozilla.org/security/advisories/mfsa2021-11/"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1692832",
"refsource": "MISC",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1692832"
}
]
}
},
"mozilla.org": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2021-23981"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "78.9"
}
]
}
},
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "78.9"
}
]
}
},
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "87"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A texture upload of a Pixel Buffer Object could have confused the WebGL code to skip binding the buffer used to unpack it, resulting in memory corruption and a potentially exploitable information leak or crash. This vulnerability affects Thunderbird \u003c 78.9, Firefox ESR \u003c 78.9, and Firefox \u003c 87."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Texture upload into an unbound backing buffer resulted in an out-of-bound read"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.mozilla.org/security/advisories/mfsa2021-11/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2021-12/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2021-10/"
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1692832"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "87.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "78.9",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "78.9",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2021-23981"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "A texture upload of a Pixel Buffer Object could have confused the WebGL code to skip binding the buffer used to unpack it, resulting in memory corruption and a potentially exploitable information leak or crash. This vulnerability affects Firefox ESR \u003c 78.9, Firefox \u003c 87, and Thunderbird \u003c 78.9."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.mozilla.org/security/advisories/mfsa2021-11/",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2021-11/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2021-12/",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2021-12/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2021-10/",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2021-10/"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1692832",
"refsource": "MISC",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1692832"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
}
},
"lastModifiedDate": "2021-08-06T18:19Z",
"publishedDate": "2021-03-31T14:15Z"
}
}
}
OPENSUSE-SU-2021:0487-1
Vulnerability from csaf_opensuse - Published: 2021-03-30 12:59 - Updated: 2021-03-30 12:59

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:MozillaFirefox-78.9.0-lp152.2.52.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:MozillaFirefox-branding-upstream-78.9.0-lp152.2.52.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:MozillaFirefox-buildsymbols-78.9.0-lp152.2.52.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:MozillaFirefox-devel-78.9.0-lp152.2.52.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:MozillaFirefox-translations-common-78.9.0-lp152.2.52.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:MozillaFirefox-translations-other-78.9.0-lp152.2.52.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:MozillaFirefox-78.9.0-lp152.2.52.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:MozillaFirefox-branding-upstream-78.9.0-lp152.2.52.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:MozillaFirefox-buildsymbols-78.9.0-lp152.2.52.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:MozillaFirefox-devel-78.9.0-lp152.2.52.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:MozillaFirefox-translations-common-78.9.0-lp152.2.52.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:MozillaFirefox-translations-other-78.9.0-lp152.2.52.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:MozillaFirefox-78.9.0-lp152.2.52.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:MozillaFirefox-branding-upstream-78.9.0-lp152.2.52.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:MozillaFirefox-buildsymbols-78.9.0-lp152.2.52.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:MozillaFirefox-devel-78.9.0-lp152.2.52.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:MozillaFirefox-translations-common-78.9.0-lp152.2.52.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:MozillaFirefox-translations-other-78.9.0-lp152.2.52.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:MozillaFirefox-78.9.0-lp152.2.52.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:MozillaFirefox-branding-upstream-78.9.0-lp152.2.52.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:MozillaFirefox-buildsymbols-78.9.0-lp152.2.52.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:MozillaFirefox-devel-78.9.0-lp152.2.52.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:MozillaFirefox-translations-common-78.9.0-lp152.2.52.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:MozillaFirefox-translations-other-78.9.0-lp152.2.52.1.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for MozillaFirefox",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for MozillaFirefox fixes the following issues:\n\n- Firefox was updated to 78.9.0 ESR (MFSA 2021-11, bsc#1183942)\n * CVE-2021-23981: Texture upload into an unbound backing buffer resulted in an out-of-bound read\n * CVE-2021-23982: Internal network hosts could have been probed by a malicious webpage\n * CVE-2021-23984: Malicious extensions could have spoofed popup information\n * CVE-2021-23987: Memory safety bugs\n\nThis update was imported from the SUSE:SLE-15-SP2:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2021-487",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2021_0487-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2021:0487-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/FSNSOUV5NJGXTPEDI5OM2FZY66FY5LH2/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2021:0487-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/FSNSOUV5NJGXTPEDI5OM2FZY66FY5LH2/"
},
{
"category": "self",
"summary": "SUSE Bug 1183942",
"url": "https://bugzilla.suse.com/1183942"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-23981 page",
"url": "https://www.suse.com/security/cve/CVE-2021-23981/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-23982 page",
"url": "https://www.suse.com/security/cve/CVE-2021-23982/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-23984 page",
"url": "https://www.suse.com/security/cve/CVE-2021-23984/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-23987 page",
"url": "https://www.suse.com/security/cve/CVE-2021-23987/"
}
],
"title": "Security update for MozillaFirefox",
"tracking": {
"current_release_date": "2021-03-30T12:59:04Z",
"generator": {
"date": "2021-03-30T12:59:04Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2021:0487-1",
"initial_release_date": "2021-03-30T12:59:04Z",
"revision_history": [
{
"date": "2021-03-30T12:59:04Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "MozillaFirefox-78.9.0-lp152.2.52.1.x86_64",
"product": {
"name": "MozillaFirefox-78.9.0-lp152.2.52.1.x86_64",
"product_id": "MozillaFirefox-78.9.0-lp152.2.52.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-branding-upstream-78.9.0-lp152.2.52.1.x86_64",
"product": {
"name": "MozillaFirefox-branding-upstream-78.9.0-lp152.2.52.1.x86_64",
"product_id": "MozillaFirefox-branding-upstream-78.9.0-lp152.2.52.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-buildsymbols-78.9.0-lp152.2.52.1.x86_64",
"product": {
"name": "MozillaFirefox-buildsymbols-78.9.0-lp152.2.52.1.x86_64",
"product_id": "MozillaFirefox-buildsymbols-78.9.0-lp152.2.52.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-devel-78.9.0-lp152.2.52.1.x86_64",
"product": {
"name": "MozillaFirefox-devel-78.9.0-lp152.2.52.1.x86_64",
"product_id": "MozillaFirefox-devel-78.9.0-lp152.2.52.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-common-78.9.0-lp152.2.52.1.x86_64",
"product": {
"name": "MozillaFirefox-translations-common-78.9.0-lp152.2.52.1.x86_64",
"product_id": "MozillaFirefox-translations-common-78.9.0-lp152.2.52.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-other-78.9.0-lp152.2.52.1.x86_64",
"product": {
"name": "MozillaFirefox-translations-other-78.9.0-lp152.2.52.1.x86_64",
"product_id": "MozillaFirefox-translations-other-78.9.0-lp152.2.52.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.2",
"product": {
"name": "openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-78.9.0-lp152.2.52.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:MozillaFirefox-78.9.0-lp152.2.52.1.x86_64"
},
"product_reference": "MozillaFirefox-78.9.0-lp152.2.52.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-branding-upstream-78.9.0-lp152.2.52.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:MozillaFirefox-branding-upstream-78.9.0-lp152.2.52.1.x86_64"
},
"product_reference": "MozillaFirefox-branding-upstream-78.9.0-lp152.2.52.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-buildsymbols-78.9.0-lp152.2.52.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:MozillaFirefox-buildsymbols-78.9.0-lp152.2.52.1.x86_64"
},
"product_reference": "MozillaFirefox-buildsymbols-78.9.0-lp152.2.52.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-78.9.0-lp152.2.52.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:MozillaFirefox-devel-78.9.0-lp152.2.52.1.x86_64"
},
"product_reference": "MozillaFirefox-devel-78.9.0-lp152.2.52.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-78.9.0-lp152.2.52.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:MozillaFirefox-translations-common-78.9.0-lp152.2.52.1.x86_64"
},
"product_reference": "MozillaFirefox-translations-common-78.9.0-lp152.2.52.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-other-78.9.0-lp152.2.52.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:MozillaFirefox-translations-other-78.9.0-lp152.2.52.1.x86_64"
},
"product_reference": "MozillaFirefox-translations-other-78.9.0-lp152.2.52.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-23981",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-23981"
}
],
"notes": [
{
"category": "general",
"text": "A texture upload of a Pixel Buffer Object could have confused the WebGL code to skip binding the buffer used to unpack it, resulting in memory corruption and a potentially exploitable information leak or crash. This vulnerability affects Firefox ESR \u003c 78.9, Firefox \u003c 87, and Thunderbird \u003c 78.9.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:MozillaFirefox-78.9.0-lp152.2.52.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-branding-upstream-78.9.0-lp152.2.52.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-buildsymbols-78.9.0-lp152.2.52.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-devel-78.9.0-lp152.2.52.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-common-78.9.0-lp152.2.52.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-other-78.9.0-lp152.2.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-23981",
"url": "https://www.suse.com/security/cve/CVE-2021-23981"
},
{
"category": "external",
"summary": "SUSE Bug 1183942 for CVE-2021-23981",
"url": "https://bugzilla.suse.com/1183942"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:MozillaFirefox-78.9.0-lp152.2.52.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-branding-upstream-78.9.0-lp152.2.52.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-buildsymbols-78.9.0-lp152.2.52.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-devel-78.9.0-lp152.2.52.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-common-78.9.0-lp152.2.52.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-other-78.9.0-lp152.2.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:MozillaFirefox-78.9.0-lp152.2.52.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-branding-upstream-78.9.0-lp152.2.52.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-buildsymbols-78.9.0-lp152.2.52.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-devel-78.9.0-lp152.2.52.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-common-78.9.0-lp152.2.52.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-other-78.9.0-lp152.2.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-03-30T12:59:04Z",
"details": "important"
}
],
"title": "CVE-2021-23981"
},
{
"cve": "CVE-2021-23982",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-23982"
}
],
"notes": [
{
"category": "general",
"text": "Using techniques that built on the slipstream research, a malicious webpage could have scanned both an internal network\u0027s hosts as well as services running on the user\u0027s local machine utilizing WebRTC connections. This vulnerability affects Firefox ESR \u003c 78.9, Firefox \u003c 87, and Thunderbird \u003c 78.9.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:MozillaFirefox-78.9.0-lp152.2.52.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-branding-upstream-78.9.0-lp152.2.52.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-buildsymbols-78.9.0-lp152.2.52.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-devel-78.9.0-lp152.2.52.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-common-78.9.0-lp152.2.52.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-other-78.9.0-lp152.2.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-23982",
"url": "https://www.suse.com/security/cve/CVE-2021-23982"
},
{
"category": "external",
"summary": "SUSE Bug 1183942 for CVE-2021-23982",
"url": "https://bugzilla.suse.com/1183942"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:MozillaFirefox-78.9.0-lp152.2.52.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-branding-upstream-78.9.0-lp152.2.52.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-buildsymbols-78.9.0-lp152.2.52.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-devel-78.9.0-lp152.2.52.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-common-78.9.0-lp152.2.52.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-other-78.9.0-lp152.2.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:MozillaFirefox-78.9.0-lp152.2.52.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-branding-upstream-78.9.0-lp152.2.52.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-buildsymbols-78.9.0-lp152.2.52.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-devel-78.9.0-lp152.2.52.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-common-78.9.0-lp152.2.52.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-other-78.9.0-lp152.2.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-03-30T12:59:04Z",
"details": "important"
}
],
"title": "CVE-2021-23982"
},
{
"cve": "CVE-2021-23984",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-23984"
}
],
"notes": [
{
"category": "general",
"text": "A malicious extension could have opened a popup window lacking an address bar. The title of the popup lacking an address bar should not be fully controllable, but in this situation was. This could have been used to spoof a website and attempt to trick the user into providing credentials. This vulnerability affects Firefox ESR \u003c 78.9, Firefox \u003c 87, and Thunderbird \u003c 78.9.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:MozillaFirefox-78.9.0-lp152.2.52.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-branding-upstream-78.9.0-lp152.2.52.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-buildsymbols-78.9.0-lp152.2.52.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-devel-78.9.0-lp152.2.52.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-common-78.9.0-lp152.2.52.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-other-78.9.0-lp152.2.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-23984",
"url": "https://www.suse.com/security/cve/CVE-2021-23984"
},
{
"category": "external",
"summary": "SUSE Bug 1183942 for CVE-2021-23984",
"url": "https://bugzilla.suse.com/1183942"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:MozillaFirefox-78.9.0-lp152.2.52.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-branding-upstream-78.9.0-lp152.2.52.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-buildsymbols-78.9.0-lp152.2.52.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-devel-78.9.0-lp152.2.52.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-common-78.9.0-lp152.2.52.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-other-78.9.0-lp152.2.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:MozillaFirefox-78.9.0-lp152.2.52.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-branding-upstream-78.9.0-lp152.2.52.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-buildsymbols-78.9.0-lp152.2.52.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-devel-78.9.0-lp152.2.52.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-common-78.9.0-lp152.2.52.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-other-78.9.0-lp152.2.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-03-30T12:59:04Z",
"details": "important"
}
],
"title": "CVE-2021-23984"
},
{
"cve": "CVE-2021-23987",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-23987"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers and community members reported memory safety bugs present in Firefox 86 and Firefox ESR 78.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR \u003c 78.9, Firefox \u003c 87, and Thunderbird \u003c 78.9.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:MozillaFirefox-78.9.0-lp152.2.52.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-branding-upstream-78.9.0-lp152.2.52.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-buildsymbols-78.9.0-lp152.2.52.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-devel-78.9.0-lp152.2.52.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-common-78.9.0-lp152.2.52.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-other-78.9.0-lp152.2.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-23987",
"url": "https://www.suse.com/security/cve/CVE-2021-23987"
},
{
"category": "external",
"summary": "SUSE Bug 1183942 for CVE-2021-23987",
"url": "https://bugzilla.suse.com/1183942"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:MozillaFirefox-78.9.0-lp152.2.52.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-branding-upstream-78.9.0-lp152.2.52.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-buildsymbols-78.9.0-lp152.2.52.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-devel-78.9.0-lp152.2.52.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-common-78.9.0-lp152.2.52.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-other-78.9.0-lp152.2.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:MozillaFirefox-78.9.0-lp152.2.52.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-branding-upstream-78.9.0-lp152.2.52.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-buildsymbols-78.9.0-lp152.2.52.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-devel-78.9.0-lp152.2.52.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-common-78.9.0-lp152.2.52.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-other-78.9.0-lp152.2.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-03-30T12:59:04Z",
"details": "important"
}
],
"title": "CVE-2021-23987"
}
]
}
OPENSUSE-SU-2021:0580-1
Vulnerability from csaf_opensuse - Published: 2021-04-19 12:10 - Updated: 2021-04-19 12:10

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:MozillaThunderbird-78.9.1-lp152.2.38.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:MozillaThunderbird-translations-common-78.9.1-lp152.2.38.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:MozillaThunderbird-translations-other-78.9.1-lp152.2.38.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:MozillaThunderbird-78.9.1-lp152.2.38.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:MozillaThunderbird-translations-common-78.9.1-lp152.2.38.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:MozillaThunderbird-translations-other-78.9.1-lp152.2.38.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:MozillaThunderbird-78.9.1-lp152.2.38.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:MozillaThunderbird-translations-common-78.9.1-lp152.2.38.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:MozillaThunderbird-translations-other-78.9.1-lp152.2.38.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:MozillaThunderbird-78.9.1-lp152.2.38.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:MozillaThunderbird-translations-common-78.9.1-lp152.2.38.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:MozillaThunderbird-translations-other-78.9.1-lp152.2.38.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:MozillaThunderbird-78.9.1-lp152.2.38.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:MozillaThunderbird-translations-common-78.9.1-lp152.2.38.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:MozillaThunderbird-translations-other-78.9.1-lp152.2.38.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:MozillaThunderbird-78.9.1-lp152.2.38.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:MozillaThunderbird-translations-common-78.9.1-lp152.2.38.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:MozillaThunderbird-translations-other-78.9.1-lp152.2.38.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:MozillaThunderbird-78.9.1-lp152.2.38.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:MozillaThunderbird-translations-common-78.9.1-lp152.2.38.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:MozillaThunderbird-translations-other-78.9.1-lp152.2.38.1.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for MozillaThunderbird",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for MozillaThunderbird fixes the following issues:\n\n- Mozilla Thunderbird was updated to version 78.9.1 (MFSA 2021-12,MFSA 2021-13, bsc#1183942, bsc#1184536)\n * CVE-2021-23981: Texture upload into an unbound backing buffer resulted in an out-of-bound read\n * CVE-2021-23982: Internal network hosts could have been probed by a malicious webpage\n * CVE-2021-23984: Malicious extensions could have spoofed popup information\n * CVE-2021-23987: Memory safety bugs\n * CVE-2021-23991: An attacker may use Thunderbird\u0027s OpenPGP key refresh mechanism to poison an existing key\n * CVE-2021-23992: A crafted OpenPGP key with an invalid user ID could be used to confuse the user\n * CVE-2021-23993: Inability to send encrypted OpenPGP email after importing a crafted OpenPGP key\n- cleaned up and fixed mozilla.sh.in for wayland (bsc#1177542)\n\nThis update was imported from the SUSE:SLE-15-SP2:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2021-580",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2021_0580-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2021:0580-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/46S264KIM7ZLJMHW66XPM4XKEAJEZUEJ/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2021:0580-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/46S264KIM7ZLJMHW66XPM4XKEAJEZUEJ/"
},
{
"category": "self",
"summary": "SUSE Bug 1177542",
"url": "https://bugzilla.suse.com/1177542"
},
{
"category": "self",
"summary": "SUSE Bug 1183942",
"url": "https://bugzilla.suse.com/1183942"
},
{
"category": "self",
"summary": "SUSE Bug 1184536",
"url": "https://bugzilla.suse.com/1184536"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-23981 page",
"url": "https://www.suse.com/security/cve/CVE-2021-23981/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-23982 page",
"url": "https://www.suse.com/security/cve/CVE-2021-23982/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-23984 page",
"url": "https://www.suse.com/security/cve/CVE-2021-23984/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-23987 page",
"url": "https://www.suse.com/security/cve/CVE-2021-23987/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-23991 page",
"url": "https://www.suse.com/security/cve/CVE-2021-23991/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-23992 page",
"url": "https://www.suse.com/security/cve/CVE-2021-23992/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-23993 page",
"url": "https://www.suse.com/security/cve/CVE-2021-23993/"
}
],
"title": "Security update for MozillaThunderbird",
"tracking": {
"current_release_date": "2021-04-19T12:10:39Z",
"generator": {
"date": "2021-04-19T12:10:39Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2021:0580-1",
"initial_release_date": "2021-04-19T12:10:39Z",
"revision_history": [
{
"date": "2021-04-19T12:10:39Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "MozillaThunderbird-78.9.1-lp152.2.38.1.x86_64",
"product": {
"name": "MozillaThunderbird-78.9.1-lp152.2.38.1.x86_64",
"product_id": "MozillaThunderbird-78.9.1-lp152.2.38.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-translations-common-78.9.1-lp152.2.38.1.x86_64",
"product": {
"name": "MozillaThunderbird-translations-common-78.9.1-lp152.2.38.1.x86_64",
"product_id": "MozillaThunderbird-translations-common-78.9.1-lp152.2.38.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-translations-other-78.9.1-lp152.2.38.1.x86_64",
"product": {
"name": "MozillaThunderbird-translations-other-78.9.1-lp152.2.38.1.x86_64",
"product_id": "MozillaThunderbird-translations-other-78.9.1-lp152.2.38.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.2",
"product": {
"name": "openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-78.9.1-lp152.2.38.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:MozillaThunderbird-78.9.1-lp152.2.38.1.x86_64"
},
"product_reference": "MozillaThunderbird-78.9.1-lp152.2.38.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-translations-common-78.9.1-lp152.2.38.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:MozillaThunderbird-translations-common-78.9.1-lp152.2.38.1.x86_64"
},
"product_reference": "MozillaThunderbird-translations-common-78.9.1-lp152.2.38.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-translations-other-78.9.1-lp152.2.38.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:MozillaThunderbird-translations-other-78.9.1-lp152.2.38.1.x86_64"
},
"product_reference": "MozillaThunderbird-translations-other-78.9.1-lp152.2.38.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-23981",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-23981"
}
],
"notes": [
{
"category": "general",
"text": "A texture upload of a Pixel Buffer Object could have confused the WebGL code to skip binding the buffer used to unpack it, resulting in memory corruption and a potentially exploitable information leak or crash. This vulnerability affects Firefox ESR \u003c 78.9, Firefox \u003c 87, and Thunderbird \u003c 78.9.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:MozillaThunderbird-78.9.1-lp152.2.38.1.x86_64",
"openSUSE Leap 15.2:MozillaThunderbird-translations-common-78.9.1-lp152.2.38.1.x86_64",
"openSUSE Leap 15.2:MozillaThunderbird-translations-other-78.9.1-lp152.2.38.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-23981",
"url": "https://www.suse.com/security/cve/CVE-2021-23981"
},
{
"category": "external",
"summary": "SUSE Bug 1183942 for CVE-2021-23981",
"url": "https://bugzilla.suse.com/1183942"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:MozillaThunderbird-78.9.1-lp152.2.38.1.x86_64",
"openSUSE Leap 15.2:MozillaThunderbird-translations-common-78.9.1-lp152.2.38.1.x86_64",
"openSUSE Leap 15.2:MozillaThunderbird-translations-other-78.9.1-lp152.2.38.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:MozillaThunderbird-78.9.1-lp152.2.38.1.x86_64",
"openSUSE Leap 15.2:MozillaThunderbird-translations-common-78.9.1-lp152.2.38.1.x86_64",
"openSUSE Leap 15.2:MozillaThunderbird-translations-other-78.9.1-lp152.2.38.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-04-19T12:10:39Z",
"details": "important"
}
],
"title": "CVE-2021-23981"
},
{
"cve": "CVE-2021-23982",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-23982"
}
],
"notes": [
{
"category": "general",
"text": "Using techniques that built on the slipstream research, a malicious webpage could have scanned both an internal network\u0027s hosts as well as services running on the user\u0027s local machine utilizing WebRTC connections. This vulnerability affects Firefox ESR \u003c 78.9, Firefox \u003c 87, and Thunderbird \u003c 78.9.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:MozillaThunderbird-78.9.1-lp152.2.38.1.x86_64",
"openSUSE Leap 15.2:MozillaThunderbird-translations-common-78.9.1-lp152.2.38.1.x86_64",
"openSUSE Leap 15.2:MozillaThunderbird-translations-other-78.9.1-lp152.2.38.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-23982",
"url": "https://www.suse.com/security/cve/CVE-2021-23982"
},
{
"category": "external",
"summary": "SUSE Bug 1183942 for CVE-2021-23982",
"url": "https://bugzilla.suse.com/1183942"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:MozillaThunderbird-78.9.1-lp152.2.38.1.x86_64",
"openSUSE Leap 15.2:MozillaThunderbird-translations-common-78.9.1-lp152.2.38.1.x86_64",
"openSUSE Leap 15.2:MozillaThunderbird-translations-other-78.9.1-lp152.2.38.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:MozillaThunderbird-78.9.1-lp152.2.38.1.x86_64",
"openSUSE Leap 15.2:MozillaThunderbird-translations-common-78.9.1-lp152.2.38.1.x86_64",
"openSUSE Leap 15.2:MozillaThunderbird-translations-other-78.9.1-lp152.2.38.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-04-19T12:10:39Z",
"details": "important"
}
],
"title": "CVE-2021-23982"
},
{
"cve": "CVE-2021-23984",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-23984"
}
],
"notes": [
{
"category": "general",
"text": "A malicious extension could have opened a popup window lacking an address bar. The title of the popup lacking an address bar should not be fully controllable, but in this situation was. This could have been used to spoof a website and attempt to trick the user into providing credentials. This vulnerability affects Firefox ESR \u003c 78.9, Firefox \u003c 87, and Thunderbird \u003c 78.9.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:MozillaThunderbird-78.9.1-lp152.2.38.1.x86_64",
"openSUSE Leap 15.2:MozillaThunderbird-translations-common-78.9.1-lp152.2.38.1.x86_64",
"openSUSE Leap 15.2:MozillaThunderbird-translations-other-78.9.1-lp152.2.38.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-23984",
"url": "https://www.suse.com/security/cve/CVE-2021-23984"
},
{
"category": "external",
"summary": "SUSE Bug 1183942 for CVE-2021-23984",
"url": "https://bugzilla.suse.com/1183942"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:MozillaThunderbird-78.9.1-lp152.2.38.1.x86_64",
"openSUSE Leap 15.2:MozillaThunderbird-translations-common-78.9.1-lp152.2.38.1.x86_64",
"openSUSE Leap 15.2:MozillaThunderbird-translations-other-78.9.1-lp152.2.38.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:MozillaThunderbird-78.9.1-lp152.2.38.1.x86_64",
"openSUSE Leap 15.2:MozillaThunderbird-translations-common-78.9.1-lp152.2.38.1.x86_64",
"openSUSE Leap 15.2:MozillaThunderbird-translations-other-78.9.1-lp152.2.38.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-04-19T12:10:39Z",
"details": "important"
}
],
"title": "CVE-2021-23984"
},
{
"cve": "CVE-2021-23987",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-23987"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers and community members reported memory safety bugs present in Firefox 86 and Firefox ESR 78.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR \u003c 78.9, Firefox \u003c 87, and Thunderbird \u003c 78.9.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:MozillaThunderbird-78.9.1-lp152.2.38.1.x86_64",
"openSUSE Leap 15.2:MozillaThunderbird-translations-common-78.9.1-lp152.2.38.1.x86_64",
"openSUSE Leap 15.2:MozillaThunderbird-translations-other-78.9.1-lp152.2.38.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-23987",
"url": "https://www.suse.com/security/cve/CVE-2021-23987"
},
{
"category": "external",
"summary": "SUSE Bug 1183942 for CVE-2021-23987",
"url": "https://bugzilla.suse.com/1183942"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:MozillaThunderbird-78.9.1-lp152.2.38.1.x86_64",
"openSUSE Leap 15.2:MozillaThunderbird-translations-common-78.9.1-lp152.2.38.1.x86_64",
"openSUSE Leap 15.2:MozillaThunderbird-translations-other-78.9.1-lp152.2.38.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:MozillaThunderbird-78.9.1-lp152.2.38.1.x86_64",
"openSUSE Leap 15.2:MozillaThunderbird-translations-common-78.9.1-lp152.2.38.1.x86_64",
"openSUSE Leap 15.2:MozillaThunderbird-translations-other-78.9.1-lp152.2.38.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-04-19T12:10:39Z",
"details": "important"
}
],
"title": "CVE-2021-23987"
},
{
"cve": "CVE-2021-23991",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-23991"
}
],
"notes": [
{
"category": "general",
"text": "If a Thunderbird user has previously imported Alice\u0027s OpenPGP key, and Alice has extended the validity period of her key, but Alice\u0027s updated key has not yet been imported, an attacker may send an email containing a crafted version of Alice\u0027s key with an invalid subkey, Thunderbird might subsequently attempt to use the invalid subkey, and will fail to send encrypted email to Alice. This vulnerability affects Thunderbird \u003c 78.9.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:MozillaThunderbird-78.9.1-lp152.2.38.1.x86_64",
"openSUSE Leap 15.2:MozillaThunderbird-translations-common-78.9.1-lp152.2.38.1.x86_64",
"openSUSE Leap 15.2:MozillaThunderbird-translations-other-78.9.1-lp152.2.38.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-23991",
"url": "https://www.suse.com/security/cve/CVE-2021-23991"
},
{
"category": "external",
"summary": "SUSE Bug 1184536 for CVE-2021-23991",
"url": "https://bugzilla.suse.com/1184536"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:MozillaThunderbird-78.9.1-lp152.2.38.1.x86_64",
"openSUSE Leap 15.2:MozillaThunderbird-translations-common-78.9.1-lp152.2.38.1.x86_64",
"openSUSE Leap 15.2:MozillaThunderbird-translations-other-78.9.1-lp152.2.38.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:MozillaThunderbird-78.9.1-lp152.2.38.1.x86_64",
"openSUSE Leap 15.2:MozillaThunderbird-translations-common-78.9.1-lp152.2.38.1.x86_64",
"openSUSE Leap 15.2:MozillaThunderbird-translations-other-78.9.1-lp152.2.38.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-04-19T12:10:39Z",
"details": "moderate"
}
],
"title": "CVE-2021-23991"
},
{
"cve": "CVE-2021-23992",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-23992"
}
],
"notes": [
{
"category": "general",
"text": "Thunderbird did not check if the user ID associated with an OpenPGP key has a valid self signature. An attacker may create a crafted version of an OpenPGP key, by either replacing the original user ID, or by adding another user ID. If Thunderbird imports and accepts the crafted key, the Thunderbird user may falsely conclude that the false user ID belongs to the correspondent. This vulnerability affects Thunderbird \u003c 78.9.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:MozillaThunderbird-78.9.1-lp152.2.38.1.x86_64",
"openSUSE Leap 15.2:MozillaThunderbird-translations-common-78.9.1-lp152.2.38.1.x86_64",
"openSUSE Leap 15.2:MozillaThunderbird-translations-other-78.9.1-lp152.2.38.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-23992",
"url": "https://www.suse.com/security/cve/CVE-2021-23992"
},
{
"category": "external",
"summary": "SUSE Bug 1184536 for CVE-2021-23992",
"url": "https://bugzilla.suse.com/1184536"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:MozillaThunderbird-78.9.1-lp152.2.38.1.x86_64",
"openSUSE Leap 15.2:MozillaThunderbird-translations-common-78.9.1-lp152.2.38.1.x86_64",
"openSUSE Leap 15.2:MozillaThunderbird-translations-other-78.9.1-lp152.2.38.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:MozillaThunderbird-78.9.1-lp152.2.38.1.x86_64",
"openSUSE Leap 15.2:MozillaThunderbird-translations-common-78.9.1-lp152.2.38.1.x86_64",
"openSUSE Leap 15.2:MozillaThunderbird-translations-other-78.9.1-lp152.2.38.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-04-19T12:10:39Z",
"details": "moderate"
}
],
"title": "CVE-2021-23992"
},
{
"cve": "CVE-2021-23993",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-23993"
}
],
"notes": [
{
"category": "general",
"text": "An attacker may perform a DoS attack to prevent a user from sending encrypted email to a correspondent. If an attacker creates a crafted OpenPGP key with a subkey that has an invalid self signature, and the Thunderbird user imports the crafted key, then Thunderbird may try to use the invalid subkey, but the RNP library rejects it from being used, causing encryption to fail. This vulnerability affects Thunderbird \u003c 78.9.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:MozillaThunderbird-78.9.1-lp152.2.38.1.x86_64",
"openSUSE Leap 15.2:MozillaThunderbird-translations-common-78.9.1-lp152.2.38.1.x86_64",
"openSUSE Leap 15.2:MozillaThunderbird-translations-other-78.9.1-lp152.2.38.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-23993",
"url": "https://www.suse.com/security/cve/CVE-2021-23993"
},
{
"category": "external",
"summary": "SUSE Bug 1184536 for CVE-2021-23993",
"url": "https://bugzilla.suse.com/1184536"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:MozillaThunderbird-78.9.1-lp152.2.38.1.x86_64",
"openSUSE Leap 15.2:MozillaThunderbird-translations-common-78.9.1-lp152.2.38.1.x86_64",
"openSUSE Leap 15.2:MozillaThunderbird-translations-other-78.9.1-lp152.2.38.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:MozillaThunderbird-78.9.1-lp152.2.38.1.x86_64",
"openSUSE Leap 15.2:MozillaThunderbird-translations-common-78.9.1-lp152.2.38.1.x86_64",
"openSUSE Leap 15.2:MozillaThunderbird-translations-other-78.9.1-lp152.2.38.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-04-19T12:10:39Z",
"details": "moderate"
}
],
"title": "CVE-2021-23993"
}
]
}
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.