Vulnerability CVE-2021-29989: Information

Description

Mozilla developers reported memory safety bugs present in Firefox 90 and Firefox ESR 78.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.13, Firefox ESR < 78.13, and Firefox < 91.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2021-29989

Published: Aug. 17, 2021

Modified: Dec. 9, 2022

Error type identifier: CWE-787

Fixed packages

Package name	Branch	Fixed in version	Version from repository	Errata ID	Task #	State
firefox	sisyphus	91.0-alt1	126.0.1-alt1	ALT-PU-2021-2488-1	282383	Fixed
firefox	p10	92.0-alt1	118.0.2-alt0.p10.1	ALT-PU-2021-2849-1	284964	Fixed
firefox	p9	93.0-alt0.p9.1	105.0.1-alt0.c9.1	ALT-PU-2022-1782-1	288073	Fixed
firefox	c10f1	92.0-alt1	112.0.2-alt0.p10.1	ALT-PU-2021-2849-1	284964	Fixed
firefox	c9f2	93.0-alt0.p9.1	105.0.1-alt0.c9.1	ALT-PU-2021-3368-1	288792	Fixed
firefox	p11	91.0-alt1	126.0.1-alt1	ALT-PU-2021-2488-1	282383	Fixed
firefox-esr	sisyphus	78.13.0-alt1	115.11.0-alt1	ALT-PU-2021-2479-1	282366	Fixed
firefox-esr	p10	78.13.0-alt1	115.11.0-alt1	ALT-PU-2021-2527-1	282376	Fixed
firefox-esr	p9	78.13.0-alt0.p9.1	102.11.0-alt0.c9.1	ALT-PU-2021-2624-1	282377	Fixed
firefox-esr	c10f1	78.13.0-alt1	115.9.1-alt0.c10.1	ALT-PU-2021-2527-1	282376	Fixed
firefox-esr	c9f2	78.13.0-alt0.c9.1	102.12.0-alt0.c9.1	ALT-PU-2021-2491-1	282380	Fixed
firefox-esr	p11	78.13.0-alt1	115.11.0-alt1	ALT-PU-2021-2479-1	282366	Fixed
thunderbird	sisyphus	78.13.0-alt1	115.9.0-alt1	ALT-PU-2021-2481-1	282378	Fixed
thunderbird	p10	78.13.0-alt1	115.9.0-alt1	ALT-PU-2021-2504-1	282394	Fixed
thunderbird	p9	78.13.0-alt0.p9.1	102.11.0-alt0.c9.1	ALT-PU-2021-2607-1	282397	Fixed
thunderbird	c10f1	78.13.0-alt1	115.9.0-alt0.c10.1	ALT-PU-2021-2504-1	282394	Fixed
thunderbird	c9f2	78.13.0-alt0.c9.1	102.11.0-alt0.c9.1	ALT-PU-2021-2501-1	282405	Fixed
thunderbird	p11	78.13.0-alt1	115.9.0-alt1	ALT-PU-2021-2481-1	282378	Fixed

References to Advisories, Solutions, and Tools

Hyperlink	Resource
https://www.mozilla.org/security/advisories/mfsa2021-34/	Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2021-33/	Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2021-35/	Vendor Advisory
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1662676%2C1666184%2C1719178%2C1719998%2C1720568	Vendor Advisory
GLSA-202202-03	Third Party Advisory
GLSA-202208-14	Third Party Advisory

Affected configurations:
1. Configuration 1
  cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
  End excliding
  78.13.0
  cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
  End excliding
  78.13.0
  cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
  End excliding
  91.0

Version: v24.5.3

Vulnerability CVE-2021-29989: Information

Description

Fixed packages

References to Advisories, Solutions, and Tools

Configuration 1