
Security Bulletin: Multiple vulnerabilities of Mozilla Firefox (less than Firefox 78.14.0 ESR + CVE-2021-29967) have affected Synthetic Playback Agent 8.1.4.0-8.1.4 IF14

Description

## Summary

Synthetic Playback Agent has addressed the following vulnerabilities: CVE-2021-29967, CVE-2021-29964, CVE-2021-29985, CVE-2021-29970, CVE-2021-29984, CVE-2021-24002, CVE-2021-29946, CVE-2021-23995, CVE-2021-23994, CVE-2021-23998, CVE-2021-23999, CVE-2021-29988, CVE-2021-29951, CVE-2021-29989, CVE-2021-29986, CVE-2021-29477, CVE-2021-29478, CVE-2021-29469, CVE-2021-29976, CVE-2021-29980

## Vulnerability Details

**CVEID:** [CVE-2021-29967](<https://vulners.com/cve/CVE-2021-29967>)
**DESCRIPTION:** Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVSS Base score: 8.8
CVSS Temporal Score: See: [https://exchange.xforce.ibmcloud.com/vulnerabilities/202779](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202779>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

**CVEID:** [CVE-2021-29964](<https://vulners.com/cve/CVE-2021-29964>)
**DESCRIPTION:** Mozilla Firefox could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read when parsing a `WM_COPYDATA` message. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base score: 6.5
CVSS Temporal Score: See: [https://exchange.xforce.ibmcloud.com/vulnerabilities/202784](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202784>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)

**CVEID:** [CVE-2021-29985](<https://vulners.com/cve/CVE-2021-29985>)
**DESCRIPTION:** Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in the `MediaCacheStream::NotifyDataReceived` method. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVSS Base score: 8.8
CVSS Temporal Score: See: [https://exchange.xforce.ibmcloud.com/vulnerabilities/207142](<https://exchange.xforce.ibmcloud.com/vulnerabilities/207142>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

**CVEID:** [CVE-2021-29970](<https://vulners.com/cve/CVE-2021-29970>)
**DESCRIPTION:** Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in accessibility features of a document. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVSS Base score: 8.8
CVSS Temporal Score: See: [https://exchange.xforce.ibmcloud.com/vulnerabilities/205295](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205295>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

**CVEID:** [CVE-2021-29984](<https://vulners.com/cve/CVE-2021-29984>)
**DESCRIPTION:** Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by incorrect instruction reordering during JIT optimization. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVSS Base score: 8.8
CVSS Temporal Score: See: [https://exchange.xforce.ibmcloud.com/vulnerabilities/207139](<https://exchange.xforce.ibmcloud.com/vulnerabilities/207139>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

**CVEID:** [CVE-2021-24002](<https://vulners.com/cve/CVE-2021-24002>)
**DESCRIPTION:** Mozilla Firefox could allow a remote attacker to execute arbitrary commands on the system. By persuading a victim to click on a specially-crafted FTP URL containing encoded newline characters (%0A and %0D), a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary commands on the vulnerable system or cause a denial of service.
CVSS Base score: 8.8
CVSS Temporal Score: See: [https://exchange.xforce.ibmcloud.com/vulnerabilities/200194](<https://exchange.xforce.ibmcloud.com/vulnerabilities/200194>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

**CVEID:** [CVE-2021-29946](<https://vulners.com/cve/CVE-2021-29946>)
**DESCRIPTION:** Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by use of ports that were written as an integer overflow above the bounds of a 16-bit integer in the Alt-Svc header. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to bypass port blocking.
CVSS Base score: 6.5
CVSS Temporal Score: See: [https://exchange.xforce.ibmcloud.com/vulnerabilities/200197](<https://exchange.xforce.ibmcloud.com/vulnerabilities/200197>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)

**CVEID:** [CVE-2021-23995](<https://vulners.com/cve/CVE-2021-23995>)
**DESCRIPTION:** Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free when Responsive Design Mode was enabled. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVSS Base score: 8.8
CVSS Temporal Score: See: [https://exchange.xforce.ibmcloud.com/vulnerabilities/200187](<https://exchange.xforce.ibmcloud.com/vulnerabilities/200187>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

**CVEID:** [CVE-2021-23994](<https://vulners.com/cve/CVE-2021-23994>)
**DESCRIPTION:** Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write during lazy initialization. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVSS Base score: 8.8
CVSS Temporal Score: See: [https://exchange.xforce.ibmcloud.com/vulnerabilities/200186](<https://exchange.xforce.ibmcloud.com/vulnerabilities/200186>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

**CVEID:** [CVE-2021-23998](<https://vulners.com/cve/CVE-2021-23998>)
**DESCRIPTION:** Mozilla Firefox could allow a remote attacker to conduct spoofing attacks, caused by complicated navigations with new windows. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof a secure lock icon.
CVSS Base score: 6.5
CVSS Temporal Score: See: [https://exchange.xforce.ibmcloud.com/vulnerabilities/200190](<https://exchange.xforce.ibmcloud.com/vulnerabilities/200190>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)

**CVEID:** [CVE-2021-23999](<https://vulners.com/cve/CVE-2021-23999>)
**DESCRIPTION:** Mozilla Firefox could allow a remote attacker to gain elevated privileges on the system, caused by the loading of a Blob URL by the System Principal. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to gain elevated privileges on the system.
CVSS Base score: 8.8
CVSS Temporal Score: See: [https://exchange.xforce.ibmcloud.com/vulnerabilities/200191](<https://exchange.xforce.ibmcloud.com/vulnerabilities/200191>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

**CVEID:** [CVE-2021-29988](<https://vulners.com/cve/CVE-2021-29988>)
**DESCRIPTION:** Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by incorrect style treatment that triggers an out-of-bounds read. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVSS Base score: 8.8
CVSS Temporal Score: See: [https://exchange.xforce.ibmcloud.com/vulnerabilities/207137](<https://exchange.xforce.ibmcloud.com/vulnerabilities/207137>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

**CVEID:** [CVE-2021-29951](<https://vulners.com/cve/CVE-2021-29951>)
**DESCRIPTION:** Mozilla Firefox and Thunderbird could allow a remote attacker to bypass security restrictions, caused by the granting of SERVICE_START access to BUILTIN|Users by the Mozilla Maintenance Service. An attacker could exploit this vulnerability to start or stop the service.
CVSS Base score: 5.4
CVSS Temporal Score: See: [https://exchange.xforce.ibmcloud.com/vulnerabilities/201172](<https://exchange.xforce.ibmcloud.com/vulnerabilities/201172>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L)

**CVEID:** [CVE-2021-29989](<https://vulners.com/cve/CVE-2021-29989>)
**DESCRIPTION:** Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVSS Base score: 8.8
CVSS Temporal Score: See: [https://exchange.xforce.ibmcloud.com/vulnerabilities/207134](<https://exchange.xforce.ibmcloud.com/vulnerabilities/207134>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

**CVEID:** [CVE-2021-29986](<https://vulners.com/cve/CVE-2021-29986>)
**DESCRIPTION:** Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by a race condition when calling getaddrinfo. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVSS Base score: 8.8
CVSS Temporal Score: See: [https://exchange.xforce.ibmcloud.com/vulnerabilities/207135](<https://exchange.xforce.ibmcloud.com/vulnerabilities/207135>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

**CVEID:** [CVE-2021-29477](<https://vulners.com/cve/CVE-2021-29477>)
**DESCRIPTION:** Redis could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an integer overflow in the STRALGO LCS command. By sending a specially crafted request, an attacker could overflow a buffer and execute arbitrary code on the system.
CVSS Base score: 7.5
CVSS Temporal Score: See: [https://exchange.xforce.ibmcloud.com/vulnerabilities/201176](<https://exchange.xforce.ibmcloud.com/vulnerabilities/201176>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)

**CVEID:** [CVE-2021-29478](<https://vulners.com/cve/CVE-2021-29478>)
**DESCRIPTION:** Redis could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an integer overflow in the COPY command for large intsets. By sending a specially crafted request, an attacker could overflow a buffer and execute arbitrary code on the system.
CVSS Base score: 7.5
CVSS Temporal Score: See: [https://exchange.xforce.ibmcloud.com/vulnerabilities/201174](<https://exchange.xforce.ibmcloud.com/vulnerabilities/201174>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)

**CVEID:** [CVE-2021-29469](<https://vulners.com/cve/CVE-2021-29469>)
**DESCRIPTION:** Node Redis redis module for Node.js is vulnerable to a denial of service, caused by a regular expression denial of service flaw in monitor mode. By sending specially-crafted regex input, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.3
CVSS Temporal Score: See: [https://exchange.xforce.ibmcloud.com/vulnerabilities/200618](<https://exchange.xforce.ibmcloud.com/vulnerabilities/200618>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H)

**CVEID:** [CVE-2021-29976](<https://vulners.com/cve/CVE-2021-29976>)
**DESCRIPTION:** Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVSS Base score: 8.8
CVSS Temporal Score: See: [https://exchange.xforce.ibmcloud.com/vulnerabilities/205294](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205294>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

**CVEID:** [CVE-2021-29980](<https://vulners.com/cve/CVE-2021-29980>)
**DESCRIPTION:** Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by uninitialized memory in a canvas object. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVSS Base score: 8.8
CVSS Temporal Score: See: [https://exchange.xforce.ibmcloud.com/vulnerabilities/207140](<https://exchange.xforce.ibmcloud.com/vulnerabilities/207140>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

## Affected Products and Versions

Affected Product(s) | Version(s)
---|---
APM AM | 8.1.4
APM SaaS | 8.1.4
APM on-premise | 8.1.4

## Remediation/Fixes

Product Remediation | Fix
---|---
APM AM | Fixed in latest SaaS environment
APM SaaS | Fixed in latest SaaS environment
APM on-premise | Synthetic Playback Agent 8.1.4 IF15. Download link: [http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FIBM+Application+Performance+Management+Advanced&fixids=8.1.4.0-IBM-APM-SYNTHETIC-PLAYBACK-AGENT-IF0015&source=SAR](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FIBM+Application+Performance+Management+Advanced&fixids=8.1.4.0-IBM-APM-SYNTHETIC-PLAYBACK-AGENT-IF0015&source=SAR>) Readme: <https://www.ibm.com/support/pages/node/6487543>

## Workarounds and Mitigations

None


Affected Software


CPE Name Name Version
ibm application performance management 8.1.4
