First published: Tue Sep 07 2021(Updated: )
Mozilla developers reported memory safety bugs present in Thunderbird 78.13.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 91.1 and Firefox ESR < 91.1.
Credit: security@mozilla.org
Affected Software | Affected Version | How to fix |
---|---|---|
Mozilla Firefox ESR | <91.1 | 91.1 |
<91.1 | 91.1 | |
<91.1 | 91.1 | |
Mozilla Firefox ESR | <91.1 | |
Mozilla Thunderbird | <91.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-38495 is a memory safety bug present in Firefox 91 and Firefox ESR 91.0.
Yes, with enough effort, CVE-2021-38495 could have been exploited to run arbitrary code.
Mozilla Firefox ESR versions up to exclusive version 91.1 and Mozilla Thunderbird versions up to exclusive version 91.1 are affected by CVE-2021-38495.
CVE-2021-38495 is rated with a severity of 7 (high).
To fix CVE-2021-38495, update your Mozilla Firefox ESR or Mozilla Thunderbird to version 91.1.