CVE-2021-29981 — Mozilla Firefox vulnerability

9 documents6 sources

Severity

8.8HIGHNVD

EPSS

0.4%

top 36.58%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Thunderbird Debian Firefox +1 more

Timeline

PublishedAug 17

Latest updateMay 24

Description

An issue present in lowering/register allocation could have led to obscure but deterministic register confusion failures in JITted code that would lead to a potentially exploitable crash. This vulnerability affects Firefox < 91 and Thunderbird < 91.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages9 packages

▶debiandebian/firefox< firefox 91.0-1 (sid)

▶CVEListV5mozilla/firefoxunspecified — 91

▶NVDmozilla/firefox< 91.0

▶debiandebian/thunderbird< firefox 91.0-1 (sid)

▶CVEListV5mozilla/thunderbirdunspecified — 91

🔴Vulnerability Details

GHSA

GHSA-fxr9-2j9j-f89c: An issue present in lowering/register allocation could have led to obscure but deterministic register confusion failures in JITted code that would lea↗2022-05-24

▶

OSV

thunderbird vulnerabilities↗2022-01-21

▶

OSV

CVE-2021-29981: An issue present in lowering/register allocation could have led to obscure but deterministic register confusion failures in JITted code that would lea↗2021-08-11

▶

📋Vendor Advisories

Ubuntu

Thunderbird vulnerabilities↗2022-01-21

▶

Ubuntu

Firefox vulnerabilities↗2021-08-11

▶

Debian

CVE-2021-29981: firefox - An issue present in lowering/register allocation could have led to obscure but d...↗2021

▶

Mozilla

Mozilla Foundation Security Advisory 2021-33: CVE-2021-29981↗

▶

Mozilla

Mozilla Foundation Security Advisory 2021-36: CVE-2021-29981↗

▶