CVE-2021-29984Out-of-bounds Write in Mozilla Firefox

CWE-787Out-of-bounds WriteCWE-416Use After Free13 documents8 sources
Severity
8.8HIGHNVD
OSV5.9
EPSS
0.4%
top 36.41%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Mozilla FirefoxMozilla Firefox ESRMozilla Thunderbird
Timeline
PublishedAug 17
Latest updateMay 24

Description

Instruction reordering resulted in a sequence of instructions that would cause an object to be incorrectly considered during garbage collection. This led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages8 packages

CVEListV5mozilla/firefoxunspecified91
NVDmozilla/firefox< 91.0
CVEListV5mozilla/firefox_esrunspecified78.13
CVEListV5mozilla/thunderbirdunspecified78.13+1
NVDmozilla/firefox_esr< 78.13.0

🔴Vulnerability Details

4
GHSA
GHSA-9qg9-jm6v-8f8r: Instruction reordering resulted in a sequence of instructions that would cause an object to be incorrectly considered during garbage collection2022-05-24
OSV
thunderbird vulnerabilities2021-08-31
CVEList
CVE-2021-29984: Instruction reordering resulted in a sequence of instructions that would cause an object to be incorrectly considered during garbage collection2021-08-17
OSV
CVE-2021-29984: Instruction reordering resulted in a sequence of instructions that would cause an object to be incorrectly considered during garbage collection2021-08-17

📋Vendor Advisories

8
Ubuntu
Thunderbird vulnerabilities2021-08-31
Ubuntu
Firefox vulnerabilities2021-08-11
Red Hat
Mozilla: Incorrect instruction reordering during JIT optimization2021-08-10
Debian
CVE-2021-29984: firefox - Instruction reordering resulted in a sequence of instructions that would cause a...2021
Mozilla
Mozilla Foundation Security Advisory 2021-33: CVE-2021-29984
CVE-2021-29984 — Out-of-bounds Write in Mozilla Firefox | cvebase