CVE-2021-29945 — Incorrect Calculation in Mozilla Firefox

CWE-682 — Incorrect Calculation CWE-476 — NULL Pointer Dereference15 documents8 sources

Severity

6.5MEDIUMNVD

OSV8.8OSV7.4

EPSS

0.4%

top 38.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Firefox ESR Mozilla Thunderbird

Timeline

PublishedJun 24

Latest updateMay 24

Description

The WebAssembly JIT could miscalculate the size of a return type, which could lead to a null read and result in a crash. *Note: This issue only affected x86-32 platforms. Other platforms are unaffected.*. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages9 packages

▶CVEListV5mozilla/firefoxunspecified — 88

▶NVDmozilla/firefox< 88.0

▶CVEListV5mozilla/firefox_esrunspecified — 78.10

▶NVDmozilla/firefox_esr< 78.10

▶Ubuntumozilla/firefox< 88.0+build2-0ubuntu0.16.04.1+2

🔴Vulnerability Details

GHSA

GHSA-79cg-jg39-89hq: The WebAssembly JIT could miscalculate the size of a return type, which could lead to a null read and result in a crash↗2022-05-24

▶

OSV

thunderbird vulnerabilities↗2021-06-25

▶

CVEList

CVE-2021-29945: The WebAssembly JIT could miscalculate the size of a return type, which could lead to a null read and result in a crash↗2021-06-24

▶

OSV

CVE-2021-29945: The WebAssembly JIT could miscalculate the size of a return type, which could lead to a null read and result in a crash↗2021-06-24

▶

OSV

thunderbird vulnerabilities↗2021-06-22

▶

📋Vendor Advisories

Ubuntu

Thunderbird vulnerabilities↗2021-06-25

▶

Ubuntu

Thunderbird vulnerabilities↗2021-06-22

▶

Ubuntu

Firefox vulnerabilities↗2021-04-26

▶

Red Hat

Mozilla: Incorrect size computation in WebAssembly JIT could lead to null-reads↗2021-04-19

▶

Debian

CVE-2021-29945: firefox - The WebAssembly JIT could miscalculate the size of a return type, which could le...↗2021

▶