CVE-2021-29985Use After Free in Mozilla Firefox

CWE-416Use After Free15 documents9 sources
Severity
8.8HIGHNVD
OSV5.9
EPSS
0.4%
top 38.59%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Mozilla FirefoxMozilla Firefox ESRMozilla Thunderbird
Timeline
PublishedAug 17
Latest updateMay 24

Description

A use-after-free vulnerability in media channels could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages8 packages

CVEListV5mozilla/firefoxunspecified91
NVDmozilla/firefox< 91.0
CVEListV5mozilla/firefox_esrunspecified78.13
CVEListV5mozilla/thunderbirdunspecified78.13+1
NVDmozilla/firefox_esr< 78.13.0

🔴Vulnerability Details

4
GHSA
GHSA-j4mj-qqm4-jqf7: A use-after-free vulnerability in media channels could have led to memory corruption and a potentially exploitable crash2022-05-24
OSV
thunderbird vulnerabilities2021-08-31
OSV
CVE-2021-29985: A use-after-free vulnerability in media channels could have led to memory corruption and a potentially exploitable crash2021-08-17
CVEList
CVE-2021-29985: A use-after-free vulnerability in media channels could have led to memory corruption and a potentially exploitable crash2021-08-17

📋Vendor Advisories

8
Ubuntu
Thunderbird vulnerabilities2021-08-31
Ubuntu
Firefox vulnerabilities2021-08-11
Red Hat
Mozilla: Use-after-free media channels2021-08-10
Debian
CVE-2021-29985: firefox - A use-after-free vulnerability in media channels could have led to memory corrup...2021
Mozilla
Mozilla Foundation Security Advisory 2021-35: CVE-2021-29985

🕵️Threat Intelligence

2
Talos
Vulnerability Spotlight: Code execution vulnerability in Mozilla Firefox2021-08-10
Talos
Vulnerability Spotlight: Code execution vulnerability in Mozilla Firefox2021-08-10
CVE-2021-29985 — Use After Free in Mozilla Firefox | cvebase