CVE-2021-29980Missing Initialization of Resource in Mozilla Firefox

CWE-909Missing Initialization of ResourceCWE-908Use of Uninitialized Resource13 documents8 sources
Severity
8.8HIGHNVD
OSV5.9
EPSS
0.4%
top 38.59%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Mozilla FirefoxMozilla Firefox ESRMozilla Thunderbird
Timeline
PublishedAug 17
Latest updateMay 24

Description

Uninitialized memory in a canvas object could have caused an incorrect free() leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages8 packages

CVEListV5mozilla/firefoxunspecified91
NVDmozilla/firefox< 91.0
CVEListV5mozilla/firefox_esrunspecified78.13
CVEListV5mozilla/thunderbirdunspecified78.13+1
NVDmozilla/firefox_esr< 78.13.0

🔴Vulnerability Details

4
GHSA
GHSA-5w5f-pvc9-xxph: Uninitialized memory in a canvas object could have caused an incorrect free() leading to memory corruption and a potentially exploitable crash2022-05-24
OSV
thunderbird vulnerabilities2021-08-31
CVEList
CVE-2021-29980: Uninitialized memory in a canvas object could have caused an incorrect free() leading to memory corruption and a potentially exploitable crash2021-08-17
OSV
CVE-2021-29980: Uninitialized memory in a canvas object could have caused an incorrect free() leading to memory corruption and a potentially exploitable crash2021-08-17

📋Vendor Advisories

8
Ubuntu
Thunderbird vulnerabilities2021-08-31
Ubuntu
Firefox vulnerabilities2021-08-11
Red Hat
Mozilla: Uninitialized memory in a canvas object could have led to memory corruption2021-08-10
Debian
CVE-2021-29980: firefox - Uninitialized memory in a canvas object could have caused an incorrect free() le...2021
Mozilla
Mozilla Foundation Security Advisory 2021-34: CVE-2021-29980
CVE-2021-29980 — Missing Initialization of Resource | cvebase