Vulnerability CVE-2021-43539

Vulnerability Name:

CVE-2021-43539 (CCN-214738)

Assigned:

2021-12-07

Published:

2021-12-07

Updated:

2022-12-09

Summary:

Failure to correctly record the location of live pointers across wasm instance calls resulted in a GC occurring within the call not tracing those live pointers. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.

CVSS v3 Severity:

8.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
7.7 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

6.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
5.7 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

8.8 High (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
7.7 High (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Complete

Vulnerability Type:

CWE-416

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2021-43539

Source: security@mozilla.org
Type: Issue Tracking, Permissions Required, Vendor Advisory
security@mozilla.org

Source: XF
Type: UNKNOWN
firefox-cve202143539-dos(214738)

Source: security@mozilla.org
Type: Mailing List, Third Party Advisory
security@mozilla.org

Source: security@mozilla.org
Type: Mailing List, Third Party Advisory
security@mozilla.org

Source: security@mozilla.org
Type: Third Party Advisory
security@mozilla.org

Source: security@mozilla.org
Type: Third Party Advisory
security@mozilla.org

Source: security@mozilla.org
Type: Third Party Advisory
security@mozilla.org

Source: security@mozilla.org
Type: Third Party Advisory
security@mozilla.org

Source: CCN
Type: IBM Security Bulletin 6578563 (Application Performance Management)
Multiple vulnerabilities of Mozilla Firefox (less than Firefox 91.8.0ESR) have affected Synthetic Playback Agent 8.1.4.0-8.1.4 IF16 - 2022.4.0

Source: CCN
Type: IBM Security Bulletin 6891067 (Cloud Pak for Multicloud Management Monitoring)
Multiple vulnerabilities in Mozilla Firefox affect IBM Cloud Pak for Multicloud Management Monitoring.

Source: CCN
Type: Mozilla Foundation Security Advisory 2021-52
Security Vulnerabilities fixed in Firefox 95

Source: CCN
Type: Mozilla Foundation Security Advisory 2021-53
Security Vulnerabilities fixed in Firefox ESR 91.4.0

Source: CCN
Type: Mozilla Foundation Security Advisory 2021-54
Security Vulnerabilities fixed in Thunderbird 91.4.0

Source: security@mozilla.org
Type: Vendor Advisory
security@mozilla.org

Source: security@mozilla.org
Type: Vendor Advisory
security@mozilla.org

Source: security@mozilla.org
Type: Vendor Advisory
security@mozilla.org

Vulnerable Configuration:

Configuration RedHat 1:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:7:*:*:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:7::client:*:*:*:*:*

Configuration RedHat 5:

cpe:/o:redhat:enterprise_linux:7::server:*:*:*:*:*

Configuration RedHat 6:

cpe:/o:redhat:enterprise_linux:7::workstation:*:*:*:*:*

Configuration CCN 1:

cpe:/a:ibm:application_performance_management:8.1.4:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:7868	P	MozillaFirefox-102.11.0-150200.152.87.1 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:51995	P	Security update for c-ares (Important) (in QA)	2023-02-10
oval:org.opensuse.security:def:3546	P	libICE6-1.0.8-12.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3252	P	libsmi-0.4.8-18.55 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:94882	P	MozillaFirefox-91.8.0-150200.152.26.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94817	P	qemu-tools-6.2.0-150400.35.10 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:95176	P	MozillaThunderbird-91.8.0-150200.8.65.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:102177	P	Security update for SUSE Manager Server 4.2 (Moderate)	2022-03-04
oval:org.opensuse.security:def:100087	P	(Moderate)	2022-03-04
oval:org.opensuse.security:def:111902	P	MozillaFirefox-95.0-1.1 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:111908	P	MozillaThunderbird-91.4.0-1.1 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:111187	P	Security update for MozillaThunderbird (Important)	2021-12-29
oval:org.opensuse.security:def:111845	P	Security update for MozillaThunderbird (Important)	2021-12-22
oval:org.opensuse.security:def:6276	P	Security update for MozillaThunderbird (Important)	2021-12-22
oval:org.opensuse.security:def:96332	P	Security update for MozillaThunderbird (Important)	2021-12-22
oval:org.opensuse.security:def:109670	P	Security update for MozillaThunderbird (Important)	2021-12-22
oval:org.opensuse.security:def:76433	P	Security update for MozillaThunderbird (Important)	2021-12-22
oval:org.opensuse.security:def:103004	P	Security update for MozillaThunderbird (Important)	2021-12-22
oval:org.opensuse.security:def:119810	P	Security update for MozillaThunderbird (Important)	2021-12-22
oval:org.opensuse.security:def:1792	P	Security update for MozillaThunderbird (Important)	2021-12-22
oval:org.opensuse.security:def:10670	P	Security update for MozillaThunderbird (Important)	2021-12-22
oval:org.opensuse.security:def:70810	P	Security update for MozillaThunderbird (Important)	2021-12-22
oval:org.opensuse.security:def:10707	P	Security update for MozillaThunderbird (Important)	2021-12-22
oval:org.opensuse.security:def:70847	P	Security update for MozillaThunderbird (Important)	2021-12-22
oval:org.opensuse.security:def:102344	P	Security update for MozillaThunderbird (Important)	2021-12-22
oval:org.opensuse.security:def:67365	P	Security update for MozillaThunderbird (Important)	2021-12-22
oval:org.opensuse.security:def:33753	P	Security update for MozillaFirefox (Important)	2021-12-12
oval:org.opensuse.security:def:57541	P	Security update for MozillaFirefox (Important)	2021-12-12
oval:org.opensuse.security:def:86182	P	Security update for MozillaFirefox (Important)	2021-12-12
oval:org.opensuse.security:def:29459	P	Security update for MozillaFirefox (Important)	2021-12-12
oval:org.opensuse.security:def:111165	P	Security update for MozillaFirefox (Important)	2021-12-12
oval:org.opensuse.security:def:59834	P	Security update for MozillaFirefox (Important)	2021-12-12
oval:org.opensuse.security:def:88548	P	Security update for MozillaFirefox (Important)	2021-12-12
oval:org.opensuse.security:def:31718	P	Security update for MozillaFirefox (Important)	2021-12-12
oval:org.opensuse.security:def:55984	P	Security update for MozillaFirefox (Important)	2021-12-12
oval:org.opensuse.security:def:84250	P	Security update for MozillaFirefox (Important)	2021-12-12
oval:org.opensuse.security:def:127204	P	Security update for MozillaFirefox (Important)	2021-12-12
oval:org.opensuse.security:def:23722	P	Security update for MozillaFirefox (Important)	2021-12-12
oval:org.opensuse.security:def:34011	P	Security update for MozillaFirefox (Important)	2021-12-12
oval:org.opensuse.security:def:58059	P	Security update for MozillaFirefox (Important)	2021-12-12
oval:org.opensuse.security:def:86700	P	Security update for MozillaFirefox (Important)	2021-12-12
oval:org.opensuse.security:def:30161	P	Security update for MozillaFirefox (Important)	2021-12-12
oval:org.opensuse.security:def:51710	P	Security update for MozillaFirefox (Important)	2021-12-12
oval:org.opensuse.security:def:82666	P	Security update for MozillaFirefox (Important)	2021-12-12
oval:org.opensuse.security:def:60433	P	Security update for MozillaFirefox (Important)	2021-12-12
oval:org.opensuse.security:def:89231	P	Security update for MozillaFirefox (Important)	2021-12-12
oval:org.opensuse.security:def:32236	P	Security update for MozillaFirefox (Important)	2021-12-12
oval:org.opensuse.security:def:56104	P	Security update for MozillaFirefox (Important)	2021-12-12
oval:org.opensuse.security:def:84708	P	Security update for MozillaFirefox (Important)	2021-12-12
oval:org.opensuse.security:def:24007	P	Security update for MozillaFirefox (Important)	2021-12-12
oval:org.opensuse.security:def:34610	P	Security update for MozillaFirefox (Important)	2021-12-12
oval:org.opensuse.security:def:58883	P	Security update for MozillaFirefox (Important)	2021-12-12
oval:org.opensuse.security:def:87524	P	Security update for MozillaFirefox (Important)	2021-12-12
oval:org.opensuse.security:def:30281	P	Security update for MozillaFirefox (Important)	2021-12-12
oval:org.opensuse.security:def:83368	P	Security update for MozillaFirefox (Important)	2021-12-12
oval:org.opensuse.security:def:125640	P	Security update for MozillaFirefox (Important)	2021-12-12
oval:org.opensuse.security:def:89489	P	Security update for MozillaFirefox (Important)	2021-12-12
oval:org.opensuse.security:def:33060	P	Security update for MozillaFirefox (Important)	2021-12-12
oval:org.opensuse.security:def:57143	P	Security update for MozillaFirefox (Important)	2021-12-12
oval:org.opensuse.security:def:85784	P	Security update for MozillaFirefox (Important)	2021-12-12
oval:org.opensuse.security:def:26182	P	Security update for MozillaFirefox (Important)	2021-12-12
oval:org.opensuse.security:def:5169	P	Security update for MozillaFirefox (Important)	2021-12-12
oval:org.opensuse.security:def:59576	P	Security update for MozillaFirefox (Important)	2021-12-12
oval:org.opensuse.security:def:88231	P	Security update for MozillaFirefox (Important)	2021-12-12
oval:org.opensuse.security:def:31320	P	Security update for MozillaFirefox (Important)	2021-12-12
oval:org.opensuse.security:def:55282	P	Security update for MozillaFirefox (Important)	2021-12-12
oval:org.opensuse.security:def:83488	P	Security update for MozillaFirefox (Important)	2021-12-12
oval:org.opensuse.security:def:126807	P	Security update for MozillaFirefox (Important)	2021-12-12
oval:org.opensuse.security:def:41162	P	Security update for MozillaFirefox (Important)	2021-12-10
oval:org.opensuse.security:def:76418	P	Security update for MozillaFirefox (Important)	2021-12-10
oval:org.opensuse.security:def:92627	P	Security update for MozillaFirefox (Important)	2021-12-10
oval:org.opensuse.security:def:106466	P	Security update for MozillaFirefox (Important)	2021-12-10
oval:org.opensuse.security:def:10187	P	Security update for MozillaFirefox (Important)	2021-12-10
oval:org.opensuse.security:def:70327	P	Security update for MozillaFirefox (Important)	2021-12-10
oval:org.opensuse.security:def:65326	P	Security update for MozillaFirefox (Important)	2021-12-10
oval:org.opensuse.security:def:98988	P	Security update for MozillaFirefox (Important)	2021-12-10
oval:org.opensuse.security:def:45592	P	Security update for MozillaFirefox (Important)	2021-12-10
oval:org.opensuse.security:def:117710	P	Security update for MozillaFirefox (Important)	2021-12-10
oval:org.opensuse.security:def:74329	P	Security update for MozillaFirefox (Important)	2021-12-10
oval:org.opensuse.security:def:92038	P	Security update for MozillaFirefox (Important)	2021-12-10
oval:org.opensuse.security:def:1050	P	Security update for MozillaFirefox (Important)	2021-12-10
oval:org.opensuse.security:def:105873	P	Security update for MozillaFirefox (Important)	2021-12-10
oval:org.opensuse.security:def:9433	P	Security update for MozillaFirefox (Important)	2021-12-10
oval:org.opensuse.security:def:69573	P	Security update for MozillaFirefox (Important)	2021-12-10
oval:org.opensuse.security:def:99776	P	Security update for MozillaFirefox (Important)	2021-12-10
oval:org.opensuse.security:def:4237	P	Security update for MozillaFirefox (Important)	2021-12-10
oval:org.opensuse.security:def:92826	P	Security update for MozillaFirefox (Important)	2021-12-10
oval:org.opensuse.security:def:106753	P	Security update for MozillaFirefox (Important)	2021-12-10
oval:org.opensuse.security:def:10378	P	Security update for MozillaFirefox (Important)	2021-12-10
oval:org.opensuse.security:def:70518	P	Security update for MozillaFirefox (Important)	2021-12-10
oval:org.opensuse.security:def:8686	P	Security update for MozillaFirefox (Important)	2021-12-10
oval:org.opensuse.security:def:67005	P	Security update for MozillaFirefox (Important)	2021-12-10
oval:org.opensuse.security:def:99183	P	Security update for MozillaFirefox (Important)	2021-12-10
oval:org.opensuse.security:def:38664	P	Security update for MozillaFirefox (Important)	2021-12-10
oval:org.opensuse.security:def:74394	P	Security update for MozillaFirefox (Important)	2021-12-10
oval:org.opensuse.security:def:92233	P	Security update for MozillaFirefox (Important)	2021-12-10
oval:org.opensuse.security:def:106068	P	Security update for MozillaFirefox (Important)	2021-12-10
oval:org.opensuse.security:def:9628	P	Security update for MozillaFirefox (Important)	2021-12-10
oval:org.opensuse.security:def:69768	P	Security update for MozillaFirefox (Important)	2021-12-10
oval:org.opensuse.security:def:5916	P	Security update for MozillaFirefox (Important)	2021-12-10
oval:org.opensuse.security:def:43094	P	Security update for MozillaFirefox (Important)	2021-12-10
oval:org.opensuse.security:def:108196	P	Security update for MozillaFirefox (Important)	2021-12-10
oval:org.opensuse.security:def:101741	P	Security update for MozillaFirefox (Important)	2021-12-10
oval:org.opensuse.security:def:8877	P	Security update for MozillaFirefox (Important)	2021-12-10
oval:org.opensuse.security:def:67350	P	Security update for MozillaFirefox (Important)	2021-12-10
oval:org.opensuse.security:def:99378	P	Security update for MozillaFirefox (Important)	2021-12-10
oval:org.opensuse.security:def:39954	P	Security update for MozillaFirefox (Important)	2021-12-10
oval:org.opensuse.security:def:76073	P	Security update for MozillaFirefox (Important)	2021-12-10
oval:org.opensuse.security:def:92428	P	Security update for MozillaFirefox (Important)	2021-12-10
oval:org.opensuse.security:def:106267	P	Security update for MozillaFirefox (Important)	2021-12-10
oval:org.opensuse.security:def:9827	P	Security update for MozillaFirefox (Important)	2021-12-10
oval:org.opensuse.security:def:69967	P	Security update for MozillaFirefox (Important)	2021-12-10
oval:org.opensuse.security:def:101530	P	Security update for MozillaFirefox (Important)	2021-12-10
oval:org.opensuse.security:def:111828	P	Security update for MozillaFirefox (Important)	2021-12-10
oval:org.opensuse.security:def:6261	P	Security update for MozillaFirefox (Important)	2021-12-10
oval:org.opensuse.security:def:65261	P	Security update for MozillaFirefox (Important)	2021-12-10
oval:org.opensuse.security:def:44384	P	Security update for MozillaFirefox (Important)	2021-12-10
oval:org.opensuse.security:def:95464	P	Security update for MozillaFirefox (Important)	2021-12-10
oval:org.opensuse.security:def:108843	P	Security update for MozillaFirefox (Important)	2021-12-10
oval:org.opensuse.security:def:105678	P	Security update for MozillaFirefox (Important)	2021-12-10
oval:org.opensuse.security:def:9072	P	Security update for MozillaFirefox (Important)	2021-12-10
oval:org.opensuse.security:def:99577	P	Security update for MozillaFirefox (Important)	2021-12-10
oval:org.opensuse.security:def:4172	P	Security update for MozillaFirefox (Important)	2021-12-10
oval:com.redhat.rhsa:def:20215045	P	RHSA-2021:5045: thunderbird security update (Important)	2021-12-09
oval:com.redhat.rhsa:def:20215046	P	RHSA-2021:5046: thunderbird security update (Important)	2021-12-09
oval:com.redhat.rhsa:def:20215013	P	RHSA-2021:5013: firefox security update (Important)	2021-12-08
oval:com.redhat.rhsa:def:20215014	P	RHSA-2021:5014: firefox security update (Important)	2021-12-08

BACK