What is the severity of CVE-2021-38501?

The severity of CVE-2021-38501 is high with a severity value of 8.8.

Which software versions are affected by CVE-2021-38501?

CVE-2021-38501 affects Firefox versions prior to 93, Thunderbird versions prior to 91.2, and Firefox ESR versions prior to 91.2.

How can CVE-2021-38501 be exploited?

CVE-2021-38501 can be exploited by running arbitrary code after exploiting memory corruption bugs in Firefox 92 and Firefox ESR 91.1.

Is there a fix available for CVE-2021-38501?

Yes, the fix for CVE-2021-38501 is available in Firefox version 93, Thunderbird version 91.2, and Firefox ESR version 91.2.

Where can I find more information about CVE-2021-38501?

You can find more information about CVE-2021-38501 on the Mozilla Security Advisories page at the following links: [https://www.mozilla.org/en-US/security/advisories/mfsa2021-47/](https://www.mozilla.org/en-US/security/advisories/mfsa2021-47/) and [https://www.mozilla.org/security/advisories/mfsa2021-43/](https://www.mozilla.org/security/advisories/mfsa2021-43/).

Vulnerability/
CVE-2021-38501

high

8.8

5/10/2021

3/11/2021

4/8/2024

CVE-2021-38501

First published: Tue Oct 05 2021(Updated: )

Mozilla developers and community members Kevin Brosnan, Mihai Alexandru Michis, and Christian Holler reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

Credit: security@mozilla.org

Affected Software	Affected Version	How to fix
	<93	93
	<91.2	91.2
Mozilla Thunderbird	<91.2	91.2
	<91.2	91.2
Mozilla Firefox	<93.0
Mozilla Firefox ESR	<91.2
Mozilla Thunderbird	<91.2

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Peer vulnerabilities

(Found alongside the following vulnerabilities)

Frequently Asked Questions

What is the severity of CVE-2021-38501?
The severity of CVE-2021-38501 is high with a severity value of 8.8.
Which software versions are affected by CVE-2021-38501?
CVE-2021-38501 affects Firefox versions prior to 93, Thunderbird versions prior to 91.2, and Firefox ESR versions prior to 91.2.
How can CVE-2021-38501 be exploited?
CVE-2021-38501 can be exploited by running arbitrary code after exploiting memory corruption bugs in Firefox 92 and Firefox ESR 91.1.
Is there a fix available for CVE-2021-38501?
Yes, the fix for CVE-2021-38501 is available in Firefox version 93, Thunderbird version 91.2, and Firefox ESR version 91.2.
Where can I find more information about CVE-2021-38501?
You can find more information about CVE-2021-38501 on the Mozilla Security Advisories page at the following links: [https://www.mozilla.org/en-US/security/advisories/mfsa2021-47/](https://www.mozilla.org/en-US/security/advisories/mfsa2021-47/) and [https://www.mozilla.org/security/advisories/mfsa2021-43/](https://www.mozilla.org/security/advisories/mfsa2021-43/).

collector/mozilla-advisory
agent/type
agent/last-modified-date
agent/first-publish-date
agent/softwarecombine
agent/author
agent/severity
agent/references
source/Mozilla
agent/software-canonical-lookup
agent/event
agent/description
agent/software-canonical-lookup-request
agent/tags
collector/nvd-index
collector/mitre-cve
source/MITRE
vendor/mozilla
canonical/mozilla thunderbird
canonical/mozilla firefox esr
canonical/mozilla firefox