Vulnerability CVE-2021-29964

Vulnerability Name:

CVE-2021-29964 (CCN-202784)

Assigned:

2021-06-01

Published:

2021-06-01

Updated:

2021-06-30

Summary:

A locally-installed hostile program could send `WM_COPYDATA` messages that Firefox would process incorrectly, leading to an out-of-bounds read. *This bug only affects Firefox on Windows. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 78.11, Firefox < 89, and Firefox ESR < 78.11.

CVSS v3 Severity:

7.1 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H)
6.2 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): None Availibility (A): High

6.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)
5.7 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): None Availibility (A): None

CVSS v2 Severity:

5.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): Partial

6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Complete Integrity (I): None Availibility (A): None

Vulnerability Type:

CWE-125

Vulnerability Consequences:

Obtain Information

References:

Source: MITRE
Type: CNA
CVE-2021-29964

Source: MISC
Type: Permissions Required, Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=1706501

Source: XF
Type: UNKNOWN
firefox-cve202129964-info-disc(202784)

Source: CCN
Type: IBM Security Bulletin 6493377 (Application Performance Management)
Multiple vulnerabilities of Mozilla Firefox (less than Firefox 78.14.0 ESR +CVE-2021-29967) have affected Synthetic Playback Agent 8.1.4.0-8.1.4 IF14

Source: CCN
Type: Mozilla Foundation Security Advisory 2021-23
Security Vulnerabilities fixed in Firefox 89

Source: CCN
Type: Mozilla Foundation Security Advisory 2021-24
Security Vulnerabilities fixed in Firefox ESR 78.11

Source: MISC
Type: Release Notes, Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2021-23/

Source: MISC
Type: Release Notes, Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2021-24/

Source: MISC
Type: Release Notes, Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2021-26/

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2021-29964

Vulnerable Configuration:

Configuration 1:

cpe:/a:mozilla:firefox:*:*:*:*:*:*:*:* (Version < 89.0)

OR cpe:/a:mozilla:firefox_esr:*:*:*:*:*:*:*:* (Version < 78.11)

OR cpe:/a:mozilla:thunderbird:*:*:*:*:*:*:*:* (Version < 78.11)

AND

cpe:/o:microsoft:windows:-:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:ibm:application_performance_management:8.1.4:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:7868	P	MozillaFirefox-102.11.0-150200.152.87.1 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:95284	P	Security update for pcre2 (Important)	2022-07-27
oval:org.opensuse.security:def:3546	P	libICE6-1.0.8-12.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3252	P	libsmi-0.4.8-18.55 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:94777	P	perl-File-Path-2.150000-1.22 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94882	P	MozillaFirefox-91.8.0-150200.152.26.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:95176	P	MozillaThunderbird-91.8.0-150200.8.65.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:6064	P	Security update for patch (Moderate)	2022-06-03
oval:org.opensuse.security:def:6042	P	Security update for ucode-intel (Moderate)	2022-05-19
oval:org.opensuse.security:def:101997	P	Security update for the Linux Kernel (Live Patch 3 for SLE 15 SP3) (Important)	2022-02-02
oval:org.opensuse.security:def:99475	P	(Moderate)	2022-01-21
oval:org.opensuse.security:def:111899	P	MozillaFirefox-92.0-1.2 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:111905	P	MozillaThunderbird-91.1.1-1.1 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:105478	P	MozillaThunderbird-91.1.1-1.1 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:105476	P	MozillaFirefox-92.0-1.2 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:97037	P	sblim-sfcb-1.4.9-3.7 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:99674	P	(Important)	2021-09-02
oval:org.opensuse.security:def:101490	P	Security update for systemd (Moderate)	2021-08-23
oval:org.opensuse.security:def:99982	P	(Important)	2021-08-17
oval:org.opensuse.security:def:111589	P	Security update for MozillaThunderbird (Important)	2021-07-10
oval:org.opensuse.security:def:111570	P	Security update for MozillaFirefox (Important)	2021-07-09
oval:org.opensuse.security:def:111456	P	Security update for MozillaThunderbird (Important)	2021-06-24
oval:org.opensuse.security:def:10645	P	Security update for MozillaThunderbird (Important)	2021-06-17
oval:org.opensuse.security:def:70785	P	Security update for MozillaThunderbird (Important)	2021-06-17
oval:org.opensuse.security:def:102317	P	Security update for MozillaThunderbird (Important)	2021-06-17
oval:org.opensuse.security:def:10680	P	Security update for MozillaThunderbird (Important)	2021-06-17
oval:org.opensuse.security:def:70820	P	Security update for MozillaThunderbird (Important)	2021-06-17
oval:org.opensuse.security:def:67153	P	Security update for MozillaThunderbird (Important)	2021-06-17
oval:org.opensuse.security:def:96307	P	Security update for MozillaThunderbird (Important)	2021-06-17
oval:org.opensuse.security:def:119785	P	Security update for MozillaThunderbird (Important)	2021-06-17
oval:org.opensuse.security:def:1765	P	Security update for MozillaThunderbird (Important)	2021-06-17
oval:org.opensuse.security:def:97078	P	Security update for MozillaThunderbird (Important)	2021-06-17
oval:org.opensuse.security:def:109645	P	Security update for MozillaThunderbird (Important)	2021-06-17
oval:org.opensuse.security:def:102979	P	Security update for MozillaThunderbird (Important)	2021-06-17
oval:org.opensuse.security:def:76221	P	Security update for MozillaThunderbird (Important)	2021-06-17
oval:org.opensuse.security:def:92135	P	Security update for MozillaFirefox (Important)	2021-06-09
oval:org.opensuse.security:def:9526	P	Security update for MozillaFirefox (Important)	2021-06-09
oval:org.opensuse.security:def:69666	P	Security update for MozillaFirefox (Important)	2021-06-09
oval:org.opensuse.security:def:99276	P	Security update for MozillaFirefox (Important)	2021-06-09
oval:org.opensuse.security:def:5736	P	Security update for MozillaFirefox (Important)	2021-06-09
oval:org.opensuse.security:def:92923	P	Security update for MozillaFirefox (Important)	2021-06-09
oval:org.opensuse.security:def:8779	P	Security update for MozillaFirefox (Important)	2021-06-09
oval:org.opensuse.security:def:75893	P	Security update for MozillaFirefox (Important)	2021-06-09
oval:org.opensuse.security:def:92326	P	Security update for MozillaFirefox (Important)	2021-06-09
oval:org.opensuse.security:def:9725	P	Security update for MozillaFirefox (Important)	2021-06-09
oval:org.opensuse.security:def:69865	P	Security update for MozillaFirefox (Important)	2021-06-09
oval:org.opensuse.security:def:97052	P	Security update for MozillaFirefox (Important)	2021-06-09
oval:org.opensuse.security:def:93076	P	Security update for MozillaFirefox (Important)	2021-06-09
oval:org.opensuse.security:def:108663	P	Security update for MozillaFirefox (Important)	2021-06-09
oval:org.opensuse.security:def:111429	P	Security update for MozillaFirefox (Important)	2021-06-09
oval:org.opensuse.security:def:8974	P	Security update for MozillaFirefox (Important)	2021-06-09
oval:org.opensuse.security:def:98890	P	Security update for MozillaFirefox (Important)	2021-06-09
oval:org.opensuse.security:def:92525	P	Security update for MozillaFirefox (Important)	2021-06-09
oval:org.opensuse.security:def:10098	P	Security update for MozillaFirefox (Important)	2021-06-09
oval:org.opensuse.security:def:70238	P	Security update for MozillaFirefox (Important)	2021-06-09
oval:org.opensuse.security:def:93229	P	Security update for MozillaFirefox (Important)	2021-06-09
oval:org.opensuse.security:def:91940	P	Security update for MozillaFirefox (Important)	2021-06-09
oval:org.opensuse.security:def:9344	P	Security update for MozillaFirefox (Important)	2021-06-09
oval:org.opensuse.security:def:69484	P	Security update for MozillaFirefox (Important)	2021-06-09
oval:org.opensuse.security:def:99085	P	Security update for MozillaFirefox (Important)	2021-06-09
oval:org.opensuse.security:def:92724	P	Security update for MozillaFirefox (Important)	2021-06-09
oval:org.opensuse.security:def:10276	P	Security update for MozillaFirefox (Important)	2021-06-09
oval:org.opensuse.security:def:70416	P	Security update for MozillaFirefox (Important)	2021-06-09
oval:org.opensuse.security:def:8601	P	Security update for MozillaFirefox (Important)	2021-06-09
oval:org.opensuse.security:def:66825	P	Security update for MozillaFirefox (Important)	2021-06-09
oval:org.opensuse.security:def:30086	P	Security update for MozillaFirefox (Important)	2021-06-08
oval:org.opensuse.security:def:51579	P	Security update for MozillaFirefox (Important)	2021-06-08
oval:org.opensuse.security:def:5054	P	Security update for MozillaFirefox (Important)	2021-06-08
oval:org.opensuse.security:def:38659	P	Security update for MozillaFirefox (Moderate)	2021-06-08
oval:org.opensuse.security:def:74351	P	Security update for MozillaFirefox (Important)	2021-06-08
oval:org.opensuse.security:def:101698	P	Security update for MozillaFirefox (Important)	2021-06-08
oval:org.opensuse.security:def:60277	P	Security update for MozillaFirefox (Important)	2021-06-08
oval:org.opensuse.security:def:87401	P	Security update for MozillaFirefox (Important)	2021-06-08
oval:org.opensuse.security:def:32111	P	Security update for MozillaFirefox (Important)	2021-06-08
oval:org.opensuse.security:def:56029	P	Security update for MozillaFirefox (Important)	2021-06-08
oval:org.opensuse.security:def:83293	P	Security update for MozillaFirefox (Important)	2021-06-08
oval:org.opensuse.security:def:126716	P	Security update for MozillaFirefox (Important)	2021-06-08
oval:org.opensuse.security:def:23913	P	Security update for MozillaFirefox (Important)	2021-06-08
oval:org.opensuse.security:def:43089	P	Security update for MozillaFirefox (Moderate)	2021-06-08
oval:org.opensuse.security:def:108156	P	Security update for MozillaFirefox (Important)	2021-06-08
oval:org.opensuse.security:def:67131	P	Security update for MozillaFirefox (Important)	2021-06-08
oval:org.opensuse.security:def:89398	P	Security update for MozillaFirefox (Important)	2021-06-08
oval:org.opensuse.security:def:34454	P	Security update for MozillaFirefox (Important)	2021-06-08
oval:org.opensuse.security:def:58760	P	Security update for MozillaFirefox (Important)	2021-06-08
oval:org.opensuse.security:def:85656	P	Security update for MozillaFirefox (Important)	2021-06-08
oval:org.opensuse.security:def:30206	P	Security update for MozillaFirefox (Important)	2021-06-08
oval:org.opensuse.security:def:51901	P	Security update for MozillaFirefox (Important)	2021-06-08
oval:org.opensuse.security:def:117670	P	Security update for MozillaFirefox (Important)	2021-06-08
oval:org.opensuse.security:def:39949	P	Security update for MozillaFirefox (Moderate)	2021-06-08
oval:org.opensuse.security:def:65221	P	Security update for MozillaFirefox (Important)	2021-06-08
oval:org.opensuse.security:def:88130	P	Security update for MozillaFirefox (Important)	2021-06-08
oval:org.opensuse.security:def:32937	P	Security update for MozillaFirefox (Important)	2021-06-08
oval:org.opensuse.security:def:57015	P	Security update for MozillaFirefox (Important)	2021-06-08
oval:org.opensuse.security:def:83413	P	Security update for MozillaFirefox (Important)	2021-06-08
oval:org.opensuse.security:def:127113	P	Security update for MozillaFirefox (Important)	2021-06-08
oval:org.opensuse.security:def:26067	P	Security update for MozillaFirefox (Important)	2021-06-08
oval:org.opensuse.security:def:44379	P	Security update for MozillaFirefox (Moderate)	2021-06-08
oval:org.opensuse.security:def:4132	P	Security update for MozillaFirefox (Important)	2021-06-08
oval:org.opensuse.security:def:59485	P	Security update for MozillaFirefox (Important)	2021-06-08
oval:org.opensuse.security:def:86096	P	Security update for MozillaFirefox (Important)	2021-06-08
oval:org.opensuse.security:def:31192	P	Security update for MozillaFirefox (Important)	2021-06-08
oval:org.opensuse.security:def:55199	P	Security update for MozillaFirefox (Important)	2021-06-08
oval:org.opensuse.security:def:41158	P	Security update for MozillaFirefox (Moderate)	2021-06-08
oval:org.opensuse.security:def:76199	P	Security update for MozillaFirefox (Important)	2021-06-08
oval:org.opensuse.security:def:65283	P	Security update for MozillaFirefox (Important)	2021-06-08
oval:org.opensuse.security:def:88443	P	Security update for MozillaFirefox (Important)	2021-06-08
oval:org.opensuse.security:def:33662	P	Security update for MozillaFirefox (Important)	2021-06-08
oval:org.opensuse.security:def:57455	P	Security update for MozillaFirefox (Important)	2021-06-08
oval:org.opensuse.security:def:84153	P	Security update for MozillaFirefox (Important)	2021-06-08
oval:org.opensuse.security:def:29376	P	Security update for MozillaFirefox (Important)	2021-06-08
oval:org.opensuse.security:def:45588	P	Security update for MozillaFirefox (Moderate)	2021-06-08
oval:org.opensuse.security:def:74289	P	Security update for MozillaFirefox (Important)	2021-06-08
oval:org.opensuse.security:def:4194	P	Security update for MozillaFirefox (Important)	2021-06-08
oval:org.opensuse.security:def:59743	P	Security update for MozillaFirefox (Important)	2021-06-08
oval:org.opensuse.security:def:86575	P	Security update for MozillaFirefox (Important)	2021-06-08
oval:org.opensuse.security:def:31632	P	Security update for MozillaFirefox (Important)	2021-06-08
oval:org.opensuse.security:def:55909	P	Security update for MozillaFirefox (Important)	2021-06-08
oval:org.opensuse.security:def:82583	P	Security update for MozillaFirefox (Important)	2021-06-08
oval:org.opensuse.security:def:125546	P	Security update for MozillaFirefox (Important)	2021-06-08
oval:org.opensuse.security:def:23591	P	Security update for MozillaFirefox (Important)	2021-06-08
oval:org.opensuse.security:def:89140	P	Security update for MozillaFirefox (Important)	2021-06-08
oval:org.opensuse.security:def:33920	P	Security update for MozillaFirefox (Important)	2021-06-08
oval:org.opensuse.security:def:57934	P	Security update for MozillaFirefox (Important)	2021-06-08
oval:org.opensuse.security:def:84611	P	Security update for MozillaFirefox (Important)	2021-06-08

BACK