Vulnerability CVE-2021-23995: Information

Description

When Responsive Design Mode was enabled, it used references to objects that were previously freed. We presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2021-23995

Published: June 24, 2021

Modified: July 2, 2021

Error type identifier: CWE-672

Fixed packages

Package name	Branch	Fixed in version	Version from repository	Errata ID	Task #	State
firefox	sisyphus	88.0-alt1	126.0.1-alt1	ALT-PU-2021-1676-1	270325	Fixed
firefox	p10	88.0-alt1	118.0.2-alt0.p10.1	ALT-PU-2021-1676-1	270325	Fixed
firefox	p9	93.0-alt0.p9.1	105.0.1-alt0.c9.1	ALT-PU-2022-1782-1	288073	Fixed
firefox	c10f1	88.0-alt1	112.0.2-alt0.p10.1	ALT-PU-2021-1676-1	270325	Fixed
firefox	c9f2	93.0-alt0.p9.1	105.0.1-alt0.c9.1	ALT-PU-2021-3368-1	288792	Fixed
firefox	p11	88.0-alt1	126.0.1-alt1	ALT-PU-2021-1676-1	270325	Fixed
firefox-esr	sisyphus	78.10.0-alt1	115.11.0-alt1	ALT-PU-2021-1687-1	270388	Fixed
firefox-esr	p10	91.1.0-alt1	115.11.0-alt1	ALT-PU-2021-2881-1	284980	Fixed
firefox-esr	p9	78.10.0-alt0.1.p9	102.11.0-alt0.c9.1	ALT-PU-2021-1701-1	270404	Fixed
firefox-esr	c10f1	91.1.0-alt1	115.9.1-alt0.c10.1	ALT-PU-2021-2881-1	284980	Fixed
firefox-esr	c9f2	78.10.0-alt0.1.c9	102.12.0-alt0.c9.1	ALT-PU-2021-1718-1	270451	Fixed
firefox-esr	p11	78.10.0-alt1	115.11.0-alt1	ALT-PU-2021-1687-1	270388	Fixed
thunderbird	sisyphus	78.10.1-alt1	115.9.0-alt1	ALT-PU-2021-1804-1	267593	Fixed
thunderbird	p10	78.10.1-alt1	115.9.0-alt1	ALT-PU-2021-1804-1	267593	Fixed
thunderbird	p9	78.10.2-alt0.1.p9	102.11.0-alt0.c9.1	ALT-PU-2021-1892-1	271859	Fixed
thunderbird	c10f1	78.10.1-alt1	115.9.0-alt0.c10.1	ALT-PU-2021-1804-1	267593	Fixed
thunderbird	c9f2	78.10.2-alt0.c9.1	102.11.0-alt0.c9.1	ALT-PU-2021-1886-1	272274	Fixed
thunderbird	p11	78.10.1-alt1	115.9.0-alt1	ALT-PU-2021-1804-1	267593	Fixed

References to Advisories, Solutions, and Tools

Hyperlink	Resource
https://www.mozilla.org/security/advisories/mfsa2021-15/	Release Notes Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2021-16/	Release Notes Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2021-14/	Release Notes Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=1699835	Issue Tracking Permissions Required Vendor Advisory

Affected configurations:
1. Configuration 1
  cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
  End excliding
  78.10
  cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
  End excliding
  88.0
  cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
  End excliding
  78.10

Version: v24.5.3

Vulnerability CVE-2021-23995: Information

Description

Fixed packages

References to Advisories, Solutions, and Tools

Configuration 1