CVE-2021-23962Mozilla Firefox vulnerability

6 documents6 sources
Severity
8.8HIGHNVD
EPSS
0.3%
top 43.25%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Mozilla FirefoxDebian Firefox
Timeline
PublishedFeb 26
Latest updateMay 24

Description

Incorrect use of the '' method could have led to a user-after-poison and a potentially exploitable crash. This vulnerability affects Firefox < 85.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages5 packages

debiandebian/firefox< firefox 85.0-1 (sid)
CVEListV5mozilla/firefox< 85
NVDmozilla/firefox< 85.0
Ubuntumozilla/firefox< 85.0+build1-0ubuntu0.16.04.1+2
mozillamozilla/firefox

🔴Vulnerability Details

2
GHSA
GHSA-cgj5-m6v7-hf6x: Incorrect use of the '' method could have led to a user-after-poison and a potentially exploitable crash2022-05-24
OSV
CVE-2021-23962: Incorrect use of the '' method could have led to a user-after-poison and a potentially exploitable crash2021-01-26

📋Vendor Advisories

3
Ubuntu
Firefox vulnerabilities2021-02-01
Debian
CVE-2021-23962: firefox - Incorrect use of the '<RowCountChanged>' method could have led to a user-after-p...2021
Mozilla
Mozilla Foundation Security Advisory 2021-03: CVE-2021-23962