Bug 1942787 (CVE-2021-23987) - CVE-2021-23987 Mozilla: Memory safety bugs fixed in Firefox 87 and Firefox ESR 78.9
Summary: CVE-2021-23987 Mozilla: Memory safety bugs fixed in Firefox 87 and Firefox ES...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2021-23987
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1939796 1939797 1939798 1939799 1939800 1939801 1939805 1939806 1939807 1939808 1939809 1939810
Blocks: 1939794
TreeView+ depends on / blocked
 
Reported: 2021-03-25 00:47 UTC by Doran Moppert
Modified: 2021-04-06 11:05 UTC (History)
5 users (show)

Fixed In Version: firefox 78.9, thunderbird 78.9
Doc Type: If docs needed, set a value
Doc Text:
The Mozilla Foundation Security Advisory describes this issue as: Mozilla developers and community members reported memory safety bugs present in Firefox 86 and Firefox ESR 78.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
Clone Of:
Environment:
Last Closed: 2021-03-25 17:35:23 UTC
Embargoed:


Attachments (Terms of Use)

Description Doran Moppert 2021-03-25 00:47:57 UTC
Mozilla developers and community members reported memory safety bugs present in Firefox 86 and Firefox ESR 78.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.


External Reference:

https://www.mozilla.org/en-US/security/advisories/mfsa2021-11/#CVE-2021-23987

Comment 1 Doran Moppert 2021-03-25 00:48:01 UTC
Acknowledgments:

Name: the Mozilla project
Upstream: Alexis Beingessner, Tyson Smith, Julien Wajsberg, Matthew Gregan

Comment 2 errata-xmlrpc 2021-03-25 12:19:32 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2021:0990 https://access.redhat.com/errata/RHSA-2021:0990

Comment 3 errata-xmlrpc 2021-03-25 12:30:49 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Extended Update Support

Via RHSA-2021:0991 https://access.redhat.com/errata/RHSA-2021:0991

Comment 4 errata-xmlrpc 2021-03-25 12:56:05 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Extended Update Support

Via RHSA-2021:0995 https://access.redhat.com/errata/RHSA-2021:0995

Comment 5 errata-xmlrpc 2021-03-25 12:56:55 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2021:0993 https://access.redhat.com/errata/RHSA-2021:0993

Comment 6 errata-xmlrpc 2021-03-25 12:57:27 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2021:0989 https://access.redhat.com/errata/RHSA-2021:0989

Comment 7 errata-xmlrpc 2021-03-25 12:57:56 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2021:0994 https://access.redhat.com/errata/RHSA-2021:0994

Comment 8 errata-xmlrpc 2021-03-25 13:33:21 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2021:0996 https://access.redhat.com/errata/RHSA-2021:0996

Comment 9 errata-xmlrpc 2021-03-25 13:33:58 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2021:0992 https://access.redhat.com/errata/RHSA-2021:0992

Comment 10 Product Security DevOps Team 2021-03-25 17:35:23 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2021-23987


Note You need to log in before you can comment on or make changes to this bug.