CVE-2021-38504Use After Free in Mozilla Firefox

CWE-416Use After Free14 documents8 sources
Severity
8.8HIGHNVD
OSV10.0
EPSS
1.3%
top 20.25%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Mozilla FirefoxMozilla Firefox ESRMozilla Thunderbird+1 more
Timeline
PublishedDec 8
Latest updateJan 21

Description

When interacting with an HTML input element's file picker dialog with webkitdirectory set, a use-after-free could have resulted, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages9 packages

CVEListV5mozilla/firefoxunspecified94
NVDmozilla/firefox< 94.0
CVEListV5mozilla/firefox_esrunspecified91.3
NVDmozilla/firefox_esr< 91.3.0
Ubuntumozilla/firefox< 94.0+build3-0ubuntu0.18.04.1+1

Also affects: Debian Linux 10.0, 11.0, 9.0

🔴Vulnerability Details

5
OSV
thunderbird vulnerabilities2022-01-21
GHSA
GHSA-53f7-m98p-5ggp: When interacting with an HTML input element's file picker dialog with webkitdirectory set, a use-after-free could have resulted, leading to memory cor2021-12-09
OSV
CVE-2021-38504: When interacting with an HTML input element's file picker dialog with webkitdirectory set, a use-after-free could have resulted, leading to memory cor2021-12-08
CVEList
CVE-2021-38504: When interacting with an HTML input element's file picker dialog with webkitdirectory set, a use-after-free could have resulted, leading to memory cor2021-12-08
OSV
firefox vulnerabilities2021-11-03

📋Vendor Advisories

8
Ubuntu
Thunderbird vulnerabilities2022-01-21
Ubuntu
Thunderbird vulnerabilities2021-11-18
Ubuntu
Firefox vulnerabilities2021-11-03
Red Hat
Mozilla: Use-after-free in file picker dialog2021-11-02
Debian
CVE-2021-38504: firefox - When interacting with an HTML input element's file picker dialog with webkitdire...2021
CVE-2021-38504 — Use After Free in Mozilla Firefox | cvebase