CVE-2021-29982 — Missing Release of Resource after Effective Lifetime in Mozilla Firefox

CWE-772 — Missing Release of Resource after Effective Lifetime9 documents6 sources

Severity

6.5MEDIUMNVD

OSV8.8

EPSS

0.4%

top 40.36%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Thunderbird Debian Firefox +1 more

Timeline

PublishedAug 17

Latest updateMay 24

Description

Due to incorrect JIT optimization, we incorrectly interpreted data from the wrong type of object, resulting in the potential leak of a single bit of memory. This vulnerability affects Firefox < 91 and Thunderbird < 91.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages9 packages

▶debiandebian/firefox< firefox 91.0-1 (sid)

▶CVEListV5mozilla/firefoxunspecified — 91

▶NVDmozilla/firefox< 91.0

▶debiandebian/thunderbird< firefox 91.0-1 (sid)

▶CVEListV5mozilla/thunderbirdunspecified — 91

🔴Vulnerability Details

GHSA

GHSA-9x2f-wq24-4m7j: Due to incorrect JIT optimization, we incorrectly interpreted data from the wrong type of object, resulting in the potential leak of a single bit of m↗2022-05-24

▶

OSV

thunderbird vulnerabilities↗2022-01-21

▶

OSV

CVE-2021-29982: Due to incorrect JIT optimization, we incorrectly interpreted data from the wrong type of object, resulting in the potential leak of a single bit of m↗2021-08-11

▶

📋Vendor Advisories

Ubuntu

Thunderbird vulnerabilities↗2022-01-21

▶

Ubuntu

Firefox vulnerabilities↗2021-08-11

▶

Debian

CVE-2021-29982: firefox - Due to incorrect JIT optimization, we incorrectly interpreted data from the wron...↗2021

▶

Mozilla

Mozilla Foundation Security Advisory 2021-36: CVE-2021-29982↗

▶

Mozilla

Mozilla Foundation Security Advisory 2021-33: CVE-2021-29982↗

▶