CVE-2021-23995: Operation on a Resource after Expiration or Release in Mozilla Firefox

Severity
NVD: 8.8 HIGH
OSV: 7.4
EPSS: 1.0% (top 22.58%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: Jun 24
Latest update: May 24

Description

When Responsive Design Mode was enabled, it used references to objects that were previously freed. We presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (9 packages)

CVEListV5 | mozilla/firefox | unspecified | 88
NVD | mozilla/firefox | < 88.0
CVEListV5 | mozilla/firefox_esr | unspecified | 78.10
NVD | mozilla/firefox_esr | < 78.10
Ubuntu | mozilla/firefox | < 88.0+build2-0ubuntu0.16.04.1+2

🔴 Vulnerability Details (6)

GHSA | GHSA-h42x-74c2-hxvc: When Responsive Design Mode was enabled, it used references to objects that were previously freed | 2022-05-24
OSV | thunderbird vulnerabilities | 2021-06-25
CVEList | CVE-2021-23995: When Responsive Design Mode was enabled, it used references to objects that were previously freed | 2021-06-24
OSV | CVE-2021-23995: When Responsive Design Mode was enabled, it used references to objects that were previously freed | 2021-06-24
OSV | thunderbird vulnerabilities | 2021-06-22

📋 Vendor Advisories (8)

Ubuntu | Thunderbird vulnerabilities | 2021-06-25
Ubuntu | Thunderbird vulnerabilities | 2021-06-22
Ubuntu | Firefox vulnerabilities | 2021-04-26
Red Hat | Mozilla: Use-after-free in Responsive Design Mode | 2021-04-19
Debian | CVE-2021-23995: firefox - When Responsive Design Mode was enabled, it used references to objects that were... | 2021
CVE-2021-23995 — Mozilla Firefox vulnerability | cvebase