Vulnerability CVE-2021-38500: Information

Description

Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.15, Thunderbird < 91.2, Firefox ESR < 91.2, Firefox ESR < 78.15, and Firefox < 93.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2021-38500
Published: Nov. 3, 2021
Modified: March 17, 2022

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
firefoxsisyphus93.0-alt1126.0.1-alt1ALT-PU-2021-3005-1286536Fixed
firefoxp1093.0-alt1118.0.2-alt0.p10.1ALT-PU-2021-3069-1286727Fixed
firefoxp993.0-alt0.p9.1105.0.1-alt0.c9.1ALT-PU-2022-1782-1288073Fixed
firefoxc10f193.0-alt1112.0.2-alt0.p10.1ALT-PU-2021-3069-1286727Fixed
firefoxc9f293.0-alt0.p9.1105.0.1-alt0.c9.1ALT-PU-2021-3368-1288792Fixed
firefoxp1193.0-alt1126.0.1-alt1ALT-PU-2021-3005-1286536Fixed
firefox-esrsisyphus91.2.0-alt1115.11.0-alt1ALT-PU-2021-2981-1286488Fixed
firefox-esrp1091.2.0-alt1115.11.0-alt1ALT-PU-2021-3026-1286492Fixed
firefox-esrp978.15.0-alt0.p9.1102.11.0-alt0.c9.1ALT-PU-2021-2995-1286493Fixed
firefox-esrc10f191.2.0-alt1115.9.1-alt0.c10.1ALT-PU-2021-3026-1286492Fixed
firefox-esrc9f278.15.0-alt0.c9.1102.12.0-alt0.c9.1ALT-PU-2021-3003-1286489Fixed
firefox-esrp1191.2.0-alt1115.11.0-alt1ALT-PU-2021-2981-1286488Fixed
thunderbirdsisyphus91.2.0-alt1115.9.0-alt1ALT-PU-2021-2992-1286563Fixed
thunderbirdp1091.2.0-alt1115.9.0-alt1ALT-PU-2021-3004-1286091Fixed
thunderbirdp991.6.0-alt0.p9.1102.11.0-alt0.c9.1ALT-PU-2022-1783-1288073Fixed
thunderbirdc10f191.2.0-alt1115.9.0-alt0.c10.1ALT-PU-2021-3004-1286091Fixed
thunderbirdc9f291.3.0-alt0.c9.1102.11.0-alt0.c9.1ALT-PU-2021-3370-1288792Fixed
thunderbirdp1191.2.0-alt1115.9.0-alt1ALT-PU-2021-2992-1286563Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://www.mozilla.org/security/advisories/mfsa2021-43/
  • Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2021-45/
  • Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2021-44/
  • Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2021-47/
  • Vendor Advisory
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1725854%2C1728321
  • Broken Link
  • Issue Tracking
https://www.mozilla.org/security/advisories/mfsa2021-46/
  • Vendor Advisory
DSA-5034
  • Issue Tracking
  • Third Party Advisory
[debian-lts-announce] 20220104 [SECURITY] [DLA 2874-1] thunderbird security update
  • Mailing List
  • Third Party Advisory

    1. Configuration 1

      cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
      End excliding
      93.0
      cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
      Start including
      91.0
      End excliding
      91.2
      cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
      End excliding
      78.15
      cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
      Start including
      91.0
      End excliding
      91.2
      cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
      End excliding
      78.15

      Configuration 2

      cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
      cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
      cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: v24.5.3
Back to top