CVE-2021-29952
Published 2021-06-24
CVE-2021-29952: When Web Render components were destructed, a race condition could have caused undefined behavior, and we presume that with enough effort may have been…
Priority P339 · high · 7.5 · CVSS 3.1
AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 0.73% (49.7th percentile)
When Web Render components were destructed, a race condition could have caused undefined behavior, and we presume that with enough effort may have been exploitable to run arbitrary code. This vulnerability affects Firefox < 88.0.1 and Firefox for Android < 88.1.3.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | firefox | < firefox 88.0.1-1 (sid) | firefox 88.0.1-1 (sid) |
| mozilla | firefox | < 88.0.1 | 88.0.1 |
| mozilla | firefox | < 88.1.3 | 88.1.3 |
| mozilla | firefox | — | — |
| mozilla | firefox | >= 0 < 88.0.1+build1-0ubuntu0.18.04.2 | 88.0.1+build1-0ubuntu0.18.04.2 |
| mozilla | firefox | >= 0 < 88.0.1+build1-0ubuntu0.20.04.2 | 88.0.1+build1-0ubuntu0.20.04.2 |
| mozilla | firefox | >= unspecified < 88.0.1 | 88.0.1 |
| mozilla | firefox_for_android | >= unspecified < 88.1.3 | 88.1.3 |
CVSS provenance
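| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 5.1 | MEDIUM | AV:N/AC:H/Au:N/C:P/I:P/A:P |
| osv | — | 7.5 | HIGH | — |
| vendor_debian | — | 7.5 | HIGH | — |
| vendor_redhat | — | 7.5 | HIGH | — |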
GHSA
ghsa_unreviewed·2022-05-24
CVE-2021-29952 [HIGH] CWE-362 GHSA-37c3-xqfq-pgfj: When Web Render components were destructed, a race condition could have caused undefined behavior, and we presume that with enough effort may have bee
When Web Render components were destructed, a race condition could have caused undefined behavior, and we presume that with enough effort may have been exploitable to run arbitrary code. This vulnerability affects Firefox < 88.0.1 and Firefox for Android < 88.1.3.
OSV
osv·2021-05-07·CVSS 7.5
CVE-2021-29952 [HIGH] CVE-2021-29952: When Web Render components were destructed, a race condition could have caused undefined behavior, and we presume that with enough effort may have bee
When Web Render components were destructed, a race condition could have caused undefined behavior, and we presume that with enough effort may have been exploitable to run arbitrary code. This vulnerability affects Firefox < 88.0.1 and Firefox for Android < 88.1.3.
Ubuntu
Firefox vulnerability
vendor_ubuntu·2021-05-10
CVE-2021-29952 Firefox vulnerability
Title: Firefox vulnerability
Summary: Firefox could be made to crash or run programs as your login if it
opened a malicious website.
A race condition was discovered in Web Render Components. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit this to execute arbitrary code.
Instructions: After a standard system update you need to restart Firefox to make
all the necessary changes.
Red Hat
Mozilla: Race condition in Web Render Components
vendor_redhat·2021-05-05·CVSS 7.5
CVE-2021-29952 [HIGH] CWE-367 Mozilla: Race condition in Web Render Components
When Web Render components were destructed, a race condition could have caused undefined behavior, and we presume that with enough effort may have been exploitable to run arbitrary code. This vulnerability affects Firefox < 88.0.1 and Firefox for Android < 88.1.3.
Statement: This vulnerability was reported against Firefox 88.0. The ESR versions of Firefox shipped with Red Hat Enterprise Linux are not affected.
Package: firefox (Red Hat Enterprise Linux 6) - Not affected
Package: firefox (Red Hat Enterprise Linux 7) - Not affected
Package: firefox (Red Hat Enterprise Linux 8) - Not affected
Debian
vendor_debian·2021·CVSS 7.5
CVE-2021-29952 [HIGH] CVE-2021-29952: firefox - When Web Render components were destructed, a race condition could have caused u...
When Web Render components were destructed, a race condition could have caused undefined behavior, and we presume that with enough effort may have been exploitable to run arbitrary code. This vulnerability affects Firefox < 88.0.1 and Firefox for Android < 88.1.3.
Scope: local
sid: resolved (fixed in 88.0.1-1)
Mozilla
Mozilla Foundation Security Advisory 2021-20: CVE-2021-29952
vendor_mozilla·CVSS 7.5
CVE-2021-29952 [HIGH] Mozilla Foundation Security Advisory 2021-20: CVE-2021-29952
Mozilla Foundation Security Advisory 2021-20
CVE: CVE-2021-29952
Product: Firefox, Firefox for Android
Impact: high
Fixed in: Firefox 88.0.1
Firefox for Android 88.1.3
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.