1 |
type: security |
2 |
subject: Updated firefox packages fix security vulnerability |
3 |
CVE: |
4 |
- CVE-2021-32810 |
5 |
- CVE-2021-38496 |
6 |
- CVE-2021-38497 |
7 |
- CVE-2021-38498 |
8 |
- CVE-2021-38500 |
9 |
- CVE-2021-38501 |
10 |
src: |
11 |
8: |
12 |
core: |
13 |
- firefox-91.2.0-1.mga8 |
14 |
- firefox-l10n-91.2.0-1.mga8 |
15 |
- nss-3.71.0-1.mga8 |
16 |
- rootcerts-20210907.00-1.mga8 |
17 |
description: | |
18 |
Due to a data race in the crossbeam-deque in the crossbeam crate, one or more |
19 |
tasks in the worker queue could have been be popped twice instead of other |
20 |
tasks that are forgotten and never popped. If tasks are allocated on the heap, |
21 |
this could have caused a double free and a memory leak (CVE-2021-32810). |
22 |
|
23 |
During operations on MessageTasks, a task may have been removed while it was |
24 |
still scheduled, resulting in memory corruption and a potentially exploitable |
25 |
crash due to a use-after-free in MessageTask (CVE-2021-38496). |
26 |
|
27 |
Through use of reportValidity() and window.open(), a plain-text validation |
28 |
message could have been overlaid on another origin, leading to possible user |
29 |
confusion and spoofing attacks (CVE-2021-38497). |
30 |
|
31 |
During process shutdown, a document could have caused a use-after-free of a |
32 |
languages service object (nsLanguageAtomService), leading to memory corruption |
33 |
and a potentially exploitable crash (CVE-2021-38498). |
34 |
|
35 |
Mozilla developers and community members Andreas Pehrson, Christian Holler, |
36 |
Kevin Brosnan, and Mihai Alexandru Michis reported memory safety bugs present |
37 |
in Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption |
38 |
and we presume that with enough effort some of these could have been exploited |
39 |
to run arbitrary code (CVE-2021-38500, CVE-2021-38501). |
40 |
references: |
41 |
- https://bugs.mageia.org/show_bug.cgi?id=29525 |
42 |
- https://www.mozilla.org/en-US/security/advisories/mfsa2021-45/ |
43 |
- https://groups.google.com/a/mozilla.org/g/dev-tech-crypto/c/eLTKcnMNzPg |
44 |
- https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_71.html |
45 |
ID: MGASA-2021-0469 |