Mozilla developers reported memory safety bugs present in Firefox 85. Some
of these bugs showed evidence of memory corruption and we presume that with
enough effort some of these could have been exploited to run arbitrary
code. This vulnerability affects Firefox < 86.
Author | Note |
---|---|
tyhicks | mozjs contains a copy of the SpiderMonkey JavaScript engine |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | firefox | < 86.0+build3-0ubuntu0.18.04.1 | UNKNOWN |
ubuntu | 20.04 | noarch | firefox | < 86.0+build3-0ubuntu0.20.04.1 | UNKNOWN |
ubuntu | 20.10 | noarch | firefox | < 86.0+build3-0ubuntu0.20.10.1 | UNKNOWN |
ubuntu | 21.04 | noarch | firefox | < 86.0+build3-0ubuntu1 | UNKNOWN |
ubuntu | 21.10 | noarch | firefox | < 86.0+build3-0ubuntu1 | UNKNOWN |
ubuntu | 22.04 | noarch | firefox | < 86.0+build3-0ubuntu1 | UNKNOWN |
ubuntu | 22.10 | noarch | firefox | < 86.0+build3-0ubuntu1 | UNKNOWN |
ubuntu | 23.04 | noarch | firefox | < 86.0+build3-0ubuntu1 | UNKNOWN |
ubuntu | 23.10 | noarch | firefox | < 86.0+build3-0ubuntu1 | UNKNOWN |
ubuntu | 24.04 | noarch | firefox | < 86.0+build3-0ubuntu1 | UNKNOWN |
bugzilla.mozilla.org/buglist.cgi?bug_id=1663222%2C1666607%2C1672120%2C1678463%2C1678927%2C1679560%2C1681297%2C1681684%2C1683490%2C1684377%2C1684902
launchpad.net/bugs/cve/CVE-2021-23979
nvd.nist.gov/vuln/detail/CVE-2021-23979
security-tracker.debian.org/tracker/CVE-2021-23979
ubuntu.com/security/notices/USN-4756-1
www.cve.org/CVERecord?id=CVE-2021-23979
www.mozilla.org/en-US/security/advisories/mfsa2021-07/#CVE-2021-23979
www.mozilla.org/security/advisories/mfsa2021-07/