CVE-2021-43534
First published: Tue Nov 02 2021(Updated: )
Mozilla developers and community members Christian Holler, Valentin Gosu, and Andrew McCreight reported memory safety bugs present in Firefox 93 and Firefox ESR 91.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
Credit: security@mozilla.org security@mozilla.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mozilla Firefox ESR | <91.3 | 91.3 |
| debian/firefox | 118.0.2-1 | |
| debian/firefox-esr | 91.12.0esr-1~deb10u1 115.3.1esr-1~deb10u1 102.15.0esr-1~deb11u1 115.3.1esr-1~deb11u1 102.15.1esr-1~deb12u1 115.3.0esr-1~deb12u1 115.3.0esr-1 115.4.0esr-1 | |
| debian/thunderbird | 1:91.12.0-1~deb10u1 1:115.3.1-1~deb10u1 1:102.13.1-1~deb11u1 1:115.3.1-1~deb11u1 1:102.15.1-1~deb12u1 1:115.3.1-1~deb12u1 1:115.3.1-1 | |
| Mozilla Thunderbird | <91.3 | 91.3 |
| Mozilla Firefox | <94 | 94 |
| Mozilla Firefox | <94.0 | |
| Mozilla Firefox ESR | <91.3.0 | |
| Mozilla Thunderbird | <91.3.0 | |
| Debian Debian Linux | =9.0 | |
| Debian Debian Linux | =10.0 | |
| Debian Debian Linux | =11.0 | |
| <94.0 | ||
| <91.3.0 | ||
| <91.3.0 | ||
| =9.0 | ||
| =10.0 | ||
| =11.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.mozilla.org/buglist.cgi?bug_id=1606864%2C1712671%2C1730048%2C1735152
- https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/
- https://www.mozilla.org/en-US/security/advisories/mfsa2021-48/
- https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/
- https://lists.debian.org/debian-lts-announce/2021/12/msg00030.html
- https://lists.debian.org/debian-lts-announce/2022/01/msg00001.html
- https://www.debian.org/security/2021/dsa-5026
- https://www.debian.org/security/2022/dsa-5034
- https://www.mozilla.org/security/advisories/mfsa2021-48/
- https://www.mozilla.org/security/advisories/mfsa2021-49/
- https://www.mozilla.org/security/advisories/mfsa2021-50/
- https://www.mozilla.org/en-US/security/advisories/mfsa2021-48/#CVE-2021-43534
- https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-43534
- https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-43534
- https://security-tracker.debian.org/tracker/CVE-2021-43534
Peer vulnerabilities
(Found alongside the following vulnerabilities)
Frequently Asked Questions
What is the severity of CVE-2021-43534?
The severity of CVE-2021-43534 is high.
Which versions of Firefox are affected by CVE-2021-43534?
Firefox versions up to and excluding 94 are affected by CVE-2021-43534.
How can I fix CVE-2021-43534 in Firefox?
To fix CVE-2021-43534 in Firefox, update to version 94 or higher.
Which versions of Firefox ESR are affected by CVE-2021-43534?
Firefox ESR versions up to and excluding 91.3 are affected by CVE-2021-43534.
How can I fix CVE-2021-43534 in Firefox ESR?
To fix CVE-2021-43534 in Firefox ESR, update to version 91.3 or higher.
- collector/mozilla-advisory
- collector/security-tracker-debian
- agent/type
- agent/first-publish-date
- agent/softwarecombine
- source/Mozilla
- agent/software-canonical-lookup
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/description
- agent/software-canonical-lookup-request
- collector/nvd-index
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/tags
- agent/event
- collector/nvd-api
- source/NVD
- vendor/mozilla
- canonical/mozilla firefox esr
- package-manager/debian
- canonical/mozilla thunderbird
- canonical/mozilla firefox
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/9.0
- version/debian debian linux/10.0
- version/debian debian linux/11.0