[Bug 1930528] [NEW] Mozilla Firefox Multiple Vulnerabilities

Wed, 02 Jun 2021 15:57:07 -0700 

*** This bug is a security vulnerability ***

You have been subscribed to a public security bug by Seth Arnold (seth-arnold):

CVE Numbers

CVE‑2021‑29961 <https://cve.mitre.org/cgi-
bin/cvename.cgi?name=CVE-2021-29961> , CVE‑2021‑29967
<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29967> ,
CVE‑2021‑29966 <https://cve.mitre.org/cgi-
bin/cvename.cgi?name=CVE-2021-29966> , CVE‑2021‑29965
<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29965>

Description

Multiple vulnerabilities have been reported in Mozilla Firefox, which
can be exploited by malicious people to conduct spoofing attacks, bypass
certain security restrictions, and compromise a vulnerable system.

1

Some errors related to memory safety can be exploited to corrupt memory.

2

Some further errors related to memory safety can be exploited to corrupt
memory.

Successful exploitation of the vulnerabilities #1 and #2 may allow
execution of arbitrary code.

3

An error related to domain spoofing within the built-in password manager
can be exploited to suggest otherwise restricted passwords for the
currently active website.

Note: The vulnerability #3 affects the Android platform only.

4

An error when styling and rendering an oversized "select" element can be
exploited to conduct spoofing attacks.

The vulnerabilities are reported in versions prior to 89.0.

Affected Software

The following software is affected by the described vulnerability.
Please check the vendor links below to see if exactly your version is
affected.

Mozilla Firefox 88.x

Solution

Upgrade to version 89.0

References

1. https://www.mozilla.org/en-US/security/advisories/mfsa2021-23
<https://www.mozilla.org/en-US/security/advisories/mfsa2021-23>

** Affects: firefox (Ubuntu)
     Importance: Undecided
         Status: New

-- 
Mozilla Firefox Multiple Vulnerabilities
https://bugs.launchpad.net/bugs/1930528
You received this bug notification because you are a member of Ubuntu Bugs, 
which is subscribed to the bug report.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to