Vulnerability CVE-2021-38495

Vulnerability Name:

CVE-2021-38495 (CCN-208818)

Assigned:

2021-09-07

Published:

2021-09-07

Updated:

2022-12-09

Summary:

Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.

CVSS v3 Severity:

8.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
7.7 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

8.8 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
7.7 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

9.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2021-38495

Source: security@mozilla.org
Type: Vendor Advisory
security@mozilla.org

Source: XF
Type: UNKNOWN
firefox-cve202138495-code-exec(208818)

Source: security@mozilla.org
Type: Third Party Advisory
security@mozilla.org

Source: security@mozilla.org
Type: Third Party Advisory
security@mozilla.org

Source: CCN
Type: Mozilla Foundation Security Advisory 2021-40
Security Vulnerabilities fixed in Firefox ESR 91.1

Source: CCN
Type: Mozilla Foundation Security Advisory 2021-41
Security Vulnerabilities fixed in Thunderbird 91.1

Source: security@mozilla.org
Type: Vendor Advisory
security@mozilla.org

Source: security@mozilla.org
Type: Vendor Advisory
security@mozilla.org

Vulnerable Configuration:

Configuration CCN 1:

cpe:/a:mozilla:thunderbird:91.0:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:7868	P	MozillaFirefox-102.11.0-150200.152.87.1 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:51962	P	Security update for net-snmp (Moderate)	2022-12-13
oval:org.opensuse.security:def:95400	P	Security update for dovecot23 (Important)	2022-07-20
oval:org.opensuse.security:def:3252	P	libsmi-0.4.8-18.55 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3546	P	libICE6-1.0.8-12.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:94806	P	python3-py-1.8.1-5.6.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:95176	P	MozillaThunderbird-91.8.0-150200.8.65.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94882	P	MozillaFirefox-91.8.0-150200.152.26.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:6029	P	Security update for MozillaFirefox (Important)	2022-05-09
oval:org.opensuse.security:def:125705	P	Security update for MozillaFirefox (Important)	2022-05-09
oval:org.opensuse.security:def:127268	P	Security update for MozillaFirefox (Important)	2022-05-09
oval:org.opensuse.security:def:126871	P	Security update for MozillaFirefox (Important)	2022-05-09
oval:org.opensuse.security:def:5234	P	Security update for MozillaFirefox (Important)	2022-05-09
oval:org.opensuse.security:def:100056	P	(Important)	2022-03-30
oval:org.opensuse.security:def:6202	P	Security update for bind (Important)	2022-03-21
oval:org.opensuse.security:def:6193	P	Security update for MozillaFirefox (Important)	2022-03-14
oval:org.opensuse.security:def:99745	P	(Moderate)	2022-02-04
oval:org.opensuse.security:def:111905	P	MozillaThunderbird-91.1.1-1.1 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:111187	P	Security update for MozillaThunderbird (Important)	2021-12-29
oval:org.opensuse.security:def:103004	P	Security update for MozillaThunderbird (Important)	2021-12-22
oval:org.opensuse.security:def:1792	P	Security update for MozillaThunderbird (Important)	2021-12-22
oval:org.opensuse.security:def:10707	P	Security update for MozillaThunderbird (Important)	2021-12-22
oval:org.opensuse.security:def:70810	P	Security update for MozillaThunderbird (Important)	2021-12-22
oval:org.opensuse.security:def:109670	P	Security update for MozillaThunderbird (Important)	2021-12-22
oval:org.opensuse.security:def:6276	P	Security update for MozillaThunderbird (Important)	2021-12-22
oval:org.opensuse.security:def:111845	P	Security update for MozillaThunderbird (Important)	2021-12-22
oval:org.opensuse.security:def:70847	P	Security update for MozillaThunderbird (Important)	2021-12-22
oval:org.opensuse.security:def:102344	P	Security update for MozillaThunderbird (Important)	2021-12-22
oval:org.opensuse.security:def:67365	P	Security update for MozillaThunderbird (Important)	2021-12-22
oval:org.opensuse.security:def:119810	P	Security update for MozillaThunderbird (Important)	2021-12-22
oval:org.opensuse.security:def:96332	P	Security update for MozillaThunderbird (Important)	2021-12-22
oval:org.opensuse.security:def:76433	P	Security update for MozillaThunderbird (Important)	2021-12-22
oval:org.opensuse.security:def:10670	P	Security update for MozillaThunderbird (Important)	2021-12-22
oval:org.opensuse.security:def:99152	P	(Moderate)	2021-10-20
oval:org.opensuse.security:def:41166	P	Security update for MozillaFirefox, rust-cbindgen (Important)	2021-10-18
oval:org.opensuse.security:def:111089	P	Security update for MozillaFirefox (Important)	2021-10-18
oval:org.opensuse.security:def:43099	P	Security update for MozillaFirefox, rust-cbindgen (Important)	2021-10-18
oval:org.opensuse.security:def:39960	P	Security update for MozillaFirefox, rust-cbindgen (Important)	2021-10-18
oval:org.opensuse.security:def:45596	P	Security update for MozillaFirefox, rust-cbindgen (Important)	2021-10-18
oval:org.opensuse.security:def:38669	P	Security update for MozillaFirefox, rust-cbindgen (Important)	2021-10-18
oval:org.opensuse.security:def:44390	P	Security update for MozillaFirefox, rust-cbindgen (Important)	2021-10-18
oval:org.opensuse.security:def:65250	P	Security update for MozillaFirefox (Important)	2021-10-16
oval:org.opensuse.security:def:111749	P	Security update for MozillaFirefox (Important)	2021-10-16
oval:org.opensuse.security:def:4226	P	Security update for MozillaFirefox (Important)	2021-10-16
oval:org.opensuse.security:def:101730	P	Security update for MozillaFirefox (Important)	2021-10-16
oval:org.opensuse.security:def:67291	P	Security update for MozillaFirefox (Important)	2021-10-16
oval:org.opensuse.security:def:117699	P	Security update for MozillaFirefox (Important)	2021-10-16
oval:org.opensuse.security:def:74318	P	Security update for MozillaFirefox (Important)	2021-10-16
oval:org.opensuse.security:def:101519	P	Security update for MozillaFirefox (Important)	2021-10-16
oval:org.opensuse.security:def:65315	P	Security update for MozillaFirefox (Important)	2021-10-16
oval:org.opensuse.security:def:76359	P	Security update for MozillaFirefox (Important)	2021-10-16
oval:org.opensuse.security:def:74383	P	Security update for MozillaFirefox (Important)	2021-10-16
oval:org.opensuse.security:def:108185	P	Security update for MozillaFirefox (Important)	2021-10-16
oval:org.opensuse.security:def:1039	P	Security update for MozillaFirefox (Important)	2021-10-16
oval:org.opensuse.security:def:4161	P	Security update for MozillaFirefox (Important)	2021-10-16
oval:org.opensuse.security:def:76009	P	Security update for MozillaFirefox (Important)	2021-10-11
oval:org.opensuse.security:def:70487	P	Security update for MozillaFirefox (Important)	2021-10-11
oval:org.opensuse.security:def:108779	P	Security update for MozillaFirefox (Important)	2021-10-11
oval:org.opensuse.security:def:9796	P	Security update for MozillaFirefox (Important)	2021-10-11
oval:org.opensuse.security:def:67282	P	Security update for MozillaFirefox (Important)	2021-10-11
oval:org.opensuse.security:def:105647	P	Security update for MozillaFirefox (Important)	2021-10-11
oval:org.opensuse.security:def:92202	P	Security update for MozillaFirefox (Important)	2021-10-11
oval:org.opensuse.security:def:69737	P	Security update for MozillaFirefox (Important)	2021-10-11
oval:org.opensuse.security:def:106435	P	Security update for MozillaFirefox (Important)	2021-10-11
oval:org.opensuse.security:def:9041	P	Security update for MozillaFirefox (Important)	2021-10-11
oval:org.opensuse.security:def:76350	P	Security update for MozillaFirefox (Important)	2021-10-11
oval:org.opensuse.security:def:10160	P	Security update for MozillaFirefox (Important)	2021-10-11
oval:org.opensuse.security:def:99347	P	Security update for MozillaFirefox (Important)	2021-10-11
oval:org.opensuse.security:def:105842	P	Security update for MozillaFirefox (Important)	2021-10-11
oval:org.opensuse.security:def:92397	P	Security update for MozillaFirefox (Important)	2021-10-11
oval:org.opensuse.security:def:69936	P	Security update for MozillaFirefox (Important)	2021-10-11
oval:org.opensuse.security:def:106722	P	Security update for MozillaFirefox (Important)	2021-10-11
oval:org.opensuse.security:def:9406	P	Security update for MozillaFirefox (Important)	2021-10-11
oval:org.opensuse.security:def:5852	P	Security update for MozillaFirefox (Important)	2021-10-11
oval:org.opensuse.security:def:10347	P	Security update for MozillaFirefox (Important)	2021-10-11
oval:org.opensuse.security:def:99546	P	Security update for MozillaFirefox (Important)	2021-10-11
oval:org.opensuse.security:def:106037	P	Security update for MozillaFirefox (Important)	2021-10-11
oval:org.opensuse.security:def:8659	P	Security update for MozillaFirefox (Important)	2021-10-11
oval:org.opensuse.security:def:92596	P	Security update for MozillaFirefox (Important)	2021-10-11
oval:org.opensuse.security:def:70300	P	Security update for MozillaFirefox (Important)	2021-10-11
oval:org.opensuse.security:def:102113	P	Security update for MozillaFirefox (Important)	2021-10-11
oval:org.opensuse.security:def:9597	P	Security update for MozillaFirefox (Important)	2021-10-11
oval:org.opensuse.security:def:66941	P	Security update for MozillaFirefox (Important)	2021-10-11
oval:org.opensuse.security:def:98957	P	Security update for MozillaFirefox (Important)	2021-10-11
oval:org.opensuse.security:def:92007	P	Security update for MozillaFirefox (Important)	2021-10-11
oval:org.opensuse.security:def:69546	P	Security update for MozillaFirefox (Important)	2021-10-11
oval:org.opensuse.security:def:106236	P	Security update for MozillaFirefox (Important)	2021-10-11
oval:org.opensuse.security:def:8846	P	Security update for MozillaFirefox (Important)	2021-10-11
oval:org.opensuse.security:def:111740	P	Security update for MozillaFirefox (Important)	2021-10-11
oval:org.opensuse.security:def:92795	P	Security update for MozillaFirefox (Important)	2021-10-11
oval:org.opensuse.security:def:105478	P	MozillaThunderbird-91.1.1-1.1 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:43092	P	Security update for MozillaFirefox (Important)	2021-10-01
oval:org.opensuse.security:def:39952	P	Security update for MozillaFirefox (Important)	2021-10-01
oval:org.opensuse.security:def:45591	P	Security update for MozillaFirefox (Important)	2021-10-01
oval:org.opensuse.security:def:38662	P	Security update for MozillaFirefox (Important)	2021-10-01
oval:org.opensuse.security:def:44382	P	Security update for MozillaFirefox (Important)	2021-10-01
oval:org.opensuse.security:def:41161	P	Security update for MozillaFirefox (Important)	2021-10-01
oval:org.opensuse.security:def:58832	P	Security update for MozillaFirefox (Important)	2021-09-22
oval:org.opensuse.security:def:86650	P	Security update for MozillaFirefox (Important)	2021-09-22
oval:org.opensuse.security:def:127171	P	Security update for MozillaFirefox (Important)	2021-09-22
oval:org.opensuse.security:def:33720	P	Security update for MozillaFirefox (Important)	2021-09-22
oval:org.opensuse.security:def:82632	P	Security update for MozillaFirefox (Important)	2021-09-22
oval:org.opensuse.security:def:29425	P	Security update for MozillaFirefox (Important)	2021-09-22
oval:org.opensuse.security:def:89198	P	Security update for MozillaFirefox (Important)	2021-09-22
oval:org.opensuse.security:def:57093	P	Security update for MozillaFirefox (Important)	2021-09-22
oval:org.opensuse.security:def:84670	P	Security update for MozillaFirefox (Important)	2021-09-22
oval:org.opensuse.security:def:31684	P	Security update for MozillaFirefox (Important)	2021-09-22
oval:org.opensuse.security:def:23672	P	Security update for MozillaFirefox (Important)	2021-09-22
oval:org.opensuse.security:def:59543	P	Security update for MozillaFirefox (Important)	2021-09-22
oval:org.opensuse.security:def:87473	P	Security update for MozillaFirefox (Important)	2021-09-22
oval:org.opensuse.security:def:33978	P	Security update for MozillaFirefox (Important)	2021-09-22
oval:org.opensuse.security:def:55248	P	Security update for MozillaFirefox (Important)	2021-09-22
oval:org.opensuse.security:def:83336	P	Security update for MozillaFirefox (Important)	2021-09-22
oval:org.opensuse.security:def:30129	P	Security update for MozillaFirefox (Important)	2021-09-22
oval:org.opensuse.security:def:89456	P	Security update for MozillaFirefox (Important)	2021-09-22
oval:org.opensuse.security:def:57507	P	Security update for MozillaFirefox (Important)	2021-09-22
oval:org.opensuse.security:def:85734	P	Security update for MozillaFirefox (Important)	2021-09-22
oval:org.opensuse.security:def:126774	P	Security update for MozillaFirefox (Important)	2021-09-22
oval:org.opensuse.security:def:32186	P	Security update for MozillaFirefox (Important)	2021-09-22
oval:org.opensuse.security:def:5119	P	Security update for MozillaFirefox (Important)	2021-09-22
oval:org.opensuse.security:def:23974	P	Security update for MozillaFirefox (Important)	2021-09-22
oval:org.opensuse.security:def:59801	P	Security update for MozillaFirefox (Important)	2021-09-22
oval:org.opensuse.security:def:88194	P	Security update for MozillaFirefox (Important)	2021-09-22
oval:org.opensuse.security:def:34544	P	Security update for MozillaFirefox (Important)	2021-09-22
oval:org.opensuse.security:def:55952	P	Security update for MozillaFirefox (Important)	2021-09-22
oval:org.opensuse.security:def:83456	P	Security update for MozillaFirefox (Important)	2021-09-22
oval:org.opensuse.security:def:30249	P	Security update for MozillaFirefox (Important)	2021-09-22
oval:org.opensuse.security:def:58009	P	Security update for MozillaFirefox (Important)	2021-09-22
oval:org.opensuse.security:def:86148	P	Security update for MozillaFirefox (Important)	2021-09-22
oval:org.opensuse.security:def:33009	P	Security update for MozillaFirefox (Important)	2021-09-22
oval:org.opensuse.security:def:51660	P	Security update for MozillaFirefox (Important)	2021-09-22
oval:org.opensuse.security:def:26132	P	Security update for MozillaFirefox (Important)	2021-09-22
oval:org.opensuse.security:def:60367	P	Security update for MozillaFirefox (Important)	2021-09-22
oval:org.opensuse.security:def:88510	P	Security update for MozillaFirefox (Important)	2021-09-22
oval:org.opensuse.security:def:56072	P	Security update for MozillaFirefox (Important)	2021-09-22
oval:org.opensuse.security:def:84212	P	Security update for MozillaFirefox (Important)	2021-09-22
oval:org.opensuse.security:def:125607	P	Security update for MozillaFirefox (Important)	2021-09-22
oval:org.opensuse.security:def:31270	P	Security update for MozillaFirefox (Important)	2021-09-22

BACK