Bug 2030116 (CVE-2021-4129) - CVE-2021-4129 Mozilla: Memory safety bugs fixed in Firefox 95 and Firefox ESR 91.4
Summary: CVE-2021-4129 Mozilla: Memory safety bugs fixed in Firefox 95 and Firefox ESR...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2021-4129
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2029262 2029263 2029264 2029265 2029266 2029267 2029268 2029274 2029735 2029736 2029737 2029738 2029739 2029740
Blocks: 2029260
TreeView+ depends on / blocked
 
Reported: 2021-12-08 02:36 UTC by Doran Moppert
Modified: 2023-01-30 09:08 UTC (History)
5 users (show)

Fixed In Version: firefox 91.4.0, thunderbird 91.4.0
Doc Type: If docs needed, set a value
Doc Text:
The Mozilla Foundation Security Advisory describes this flaw as: Mozilla developers and community members Julian Hector, Randell Jesup, Gabriele Svelto, Tyson Smith, Christian Holler, and Masayuki Nakano reported memory safety bugs present in Thunderbird 91.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
Clone Of:
Environment:
Last Closed: 2021-12-08 11:35:37 UTC
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2021:5013 0 None None None 2021-12-08 10:09:33 UTC
Red Hat Product Errata RHSA-2021:5014 0 None None None 2021-12-08 10:27:09 UTC
Red Hat Product Errata RHSA-2021:5015 0 None None None 2021-12-08 10:11:40 UTC
Red Hat Product Errata RHSA-2021:5016 0 None None None 2021-12-08 10:12:14 UTC
Red Hat Product Errata RHSA-2021:5017 0 None None None 2021-12-08 10:00:24 UTC
Red Hat Product Errata RHSA-2021:5045 0 None None None 2021-12-09 12:38:02 UTC
Red Hat Product Errata RHSA-2021:5046 0 None None None 2021-12-09 12:53:28 UTC
Red Hat Product Errata RHSA-2021:5047 0 None None None 2021-12-09 12:36:40 UTC
Red Hat Product Errata RHSA-2021:5048 0 None None None 2021-12-09 12:38:31 UTC
Red Hat Product Errata RHSA-2021:5055 0 None None None 2021-12-09 14:44:03 UTC

Description Doran Moppert 2021-12-08 02:36:17 UTC
Mozilla developers and community members reported memory safety bugs present in Firefox 94 and Firefox ESR 91.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.


External Reference:

https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#MOZ-2021-0009

Comment 1 errata-xmlrpc 2021-12-08 10:00:23 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2021:5017 https://access.redhat.com/errata/RHSA-2021:5017

Comment 2 errata-xmlrpc 2021-12-08 10:09:32 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2021:5013 https://access.redhat.com/errata/RHSA-2021:5013

Comment 3 errata-xmlrpc 2021-12-08 10:11:39 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2021:5015 https://access.redhat.com/errata/RHSA-2021:5015

Comment 4 errata-xmlrpc 2021-12-08 10:12:13 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2021:5016 https://access.redhat.com/errata/RHSA-2021:5016

Comment 5 errata-xmlrpc 2021-12-08 10:27:08 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2021:5014 https://access.redhat.com/errata/RHSA-2021:5014

Comment 6 errata-xmlrpc 2021-12-09 12:36:39 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2021:5047 https://access.redhat.com/errata/RHSA-2021:5047

Comment 7 errata-xmlrpc 2021-12-09 12:38:01 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2021:5045 https://access.redhat.com/errata/RHSA-2021:5045

Comment 8 errata-xmlrpc 2021-12-09 12:38:30 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2021:5048 https://access.redhat.com/errata/RHSA-2021:5048

Comment 9 errata-xmlrpc 2021-12-09 12:53:27 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2021:5046 https://access.redhat.com/errata/RHSA-2021:5046

Comment 10 errata-xmlrpc 2021-12-09 14:44:02 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2021:5055 https://access.redhat.com/errata/RHSA-2021:5055


Note You need to log in before you can comment on or make changes to this bug.