| Vulnerability Name: | CVE-2021-4129 (CCN-245123) |
| Assigned: | 2021-12-07 |
| Published: | 2021-12-07 |
| Updated: | 2023-01-03 |
| Summary: | Mozilla developers and community members Julian Hector, Randell Jesup, Gabriele Svelto, Tyson Smith, Christian Holler, and Masayuki Nakano reported memory safety bugs present in Firefox 94. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 95, Firefox ESR < 91.4.0, and Thunderbird < 91.4.0. |
| CVSS v3 Severity: | 9.8 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.5 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)| Exploitability Metrics: | Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None | | Scope: | Scope (S): Unchanged
| | Impact Metrics: | Confidentiality (C): High
Integrity (I): High
Availibility (A): High |
8.8 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
7.7 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)| Exploitability Metrics: | Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required | | Scope: | Scope (S): Unchanged
| | Impact Metrics: | Confidentiality (C): High
Integrity (I): High
Availibility (A): High |
9.8 Critical (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.5 High (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)| Exploitability Metrics: | Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None | | Scope: | Scope (S): Unchanged
| | Impact Metrics: | Confidentiality (C): High
Integrity (I): High
Availibility (A): High |
|
| CVSS v2 Severity: | 9.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C)| Exploitability Metrics: | Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): Single_Instance
| | Impact Metrics: | Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete |
|
| Vulnerability Type: | CWE-120
|
| Vulnerability Consequences: | Gain Access |
| References: | Source: MITRE
Type: CNA
CVE-2021-4129
Source: XF
Type: UNKNOWN
firefox-cve20214129-code-exec(245123)
Source: CCN
Type: Mozilla Foundation Security Advisory 2021-52
Security Vulnerabilities fixed in Firefox 95
|
| Vulnerable Configuration: | Configuration RedHat 1:
cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*Configuration RedHat 2:
cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*Configuration RedHat 3:
cpe:/o:redhat:enterprise_linux:7:*:*:*:*:*:*:*Configuration RedHat 4:
cpe:/o:redhat:enterprise_linux:7::client:*:*:*:*:*Configuration RedHat 5:
cpe:/o:redhat:enterprise_linux:7::server:*:*:*:*:*Configuration RedHat 6:
cpe:/o:redhat:enterprise_linux:7::workstation:*:*:*:*:*
 Denotes that component is vulnerable |
| Oval Definitions |
|
| BACK |