First published: Mon Apr 19 2021(Updated: )
When Responsive Design Mode was enabled, it used references to objects that were previously freed. We presume that with enough effort this could have been exploited to run arbitrary code.
Credit: security@mozilla.org
Affected Software | Affected Version | How to fix |
---|---|---|
Mozilla Thunderbird | <78.10 | 78.10 |
<78.10 | 78.10 | |
<78.10 | 78.10 | |
<88 | 88 | |
Mozilla Firefox | <88.0 | |
Mozilla Firefox ESR | <78.10 | |
Mozilla Thunderbird | <78.10 | |
debian/firefox | 118.0.2-1 | |
debian/firefox-esr | 91.12.0esr-1~deb10u1 115.3.1esr-1~deb10u1 102.15.0esr-1~deb11u1 115.3.1esr-1~deb11u1 102.15.1esr-1~deb12u1 115.3.0esr-1~deb12u1 115.3.0esr-1 | |
debian/thunderbird | 1:91.12.0-1~deb10u1 1:115.3.1-1~deb10u1 1:102.13.1-1~deb11u1 1:115.3.1-1~deb11u1 1:102.15.1-1~deb12u1 1:115.3.1-1~deb12u1 1:115.3.1-1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Found alongside the following vulnerabilities)
CVE-2021-23995 is a vulnerability in Mozilla Thunderbird and Firefox that could allow an attacker to run arbitrary code.
Mozilla Thunderbird 78.10, Mozilla Firefox ESR 78.10, and Mozilla Firefox up to version 88 are affected by CVE-2021-23995.
CVE-2021-23995 has a severity rating of 7, which is considered high.
CVE-2021-23995 can be exploited by enabling Responsive Design Mode and using references to freed objects.
Yes, you can find more information about CVE-2021-23995 in the following references: [Link 1](https://bugzilla.mozilla.org/show_bug.cgi?id=1699835), [Link 2](https://www.mozilla.org/en-US/security/advisories/mfsa2021-14/), [Link 3](https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/).