CVE-2021-4127 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Mozilla Firefox ESR

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer8 documents7 sources

Severity

9.8CRITICALNVD

EPSS

0.7%

top 28.03%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox ESR Mozilla Thunderbird

Timeline

PublishedDec 22

Description

An out of date graphics library (Angle) likely contained vulnerabilities that could potentially be exploited. This vulnerability affects Thunderbird < 78.9 and Firefox ESR < 78.9.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages5 packages

▶CVEListV5mozilla/firefox_esrunspecified — 78.9

▶CVEListV5mozilla/thunderbirdunspecified — 78.9

▶NVDmozilla/firefox_esr< 78.9.0

▶NVDmozilla/thunderbird< 78.9.0

▶Debianmozilla/thunderbird< 1:78.9.0-1+3

Patches

Patch: bugzilla.mozilla.org ↗Patch: bugzilla.mozilla.org ↗

🔴Vulnerability Details

CVEList

CVE-2021-4127: An out of date graphics library (Angle) likely contained vulnerabilities that could potentially be exploited↗2022-12-22

▶

GHSA

GHSA-7wp9-fj5q-c4jc: An out of date graphics library (Angle) likely contained vulnerabilities that could potentially be exploited↗2022-12-22

▶

OSV

CVE-2021-4127: An out of date graphics library (Angle) likely contained vulnerabilities that could potentially be exploited↗2022-12-22

▶

📋Vendor Advisories

Red Hat

Mozilla: Angle graphics library out of date↗2021-03-23

▶

Debian

CVE-2021-4127: firefox-esr - An out of date graphics library (Angle) likely contained vulnerabilities that co...↗2021

▶

Mozilla

Mozilla Foundation Security Advisory 2021-12: CVE-2021-4127↗

▶

Mozilla

Mozilla Foundation Security Advisory 2021-11: CVE-2021-4127↗

▶