A transient execution vulnerability, named Floating Point Value Injection
(FPVI) allowed an attacker to leak arbitrary memory addresses and may have
also enabled JIT type confusion attacks. (A related vulnerability,
Speculative Code Store Bypass (SCSB), did not affect Firefox.). This
vulnerability affects Firefox ESR < 78.9 and Firefox < 87.
Author | Note |
---|---|
tyhicks | mozjs contains a copy of the SpiderMonkey JavaScript engine |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | firefox | < 87.0+build3-0ubuntu0.18.04.1 | UNKNOWN |
ubuntu | 20.04 | noarch | firefox | < 87.0+build3-0ubuntu0.20.04.1 | UNKNOWN |
ubuntu | 16.04 | noarch | firefox | < any | UNKNOWN |
ubuntu | 22.04 | noarch | firefox | < 87.0+build1-0ubuntu1 | UNKNOWN |
ubuntu | upstream | noarch | firefox | < 87.0+build1-0ubuntu1 | UNKNOWN |
ubuntu | upstream | noarch | firefox | < 87.0 | UNKNOWN |
ubuntu | upstream | noarch | firefox | < 87.0+build1-0ubuntu1 | UNKNOWN |
ubuntu | upstream | noarch | firefox-esr | < 78.9.0esr-1 | UNKNOWN |
ubuntu | 18.04 | noarch | mozjs38 | < any | UNKNOWN |
ubuntu | upstream | noarch | mozjs38 | < any | UNKNOWN |
bugzilla.mozilla.org/show_bug.cgi?id=1692972
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29955
launchpad.net/bugs/cve/CVE-2021-29955
nvd.nist.gov/vuln/detail/CVE-2021-29955
security-tracker.debian.org/tracker/CVE-2021-29955
www.mozilla.org/en-US/security/advisories/mfsa2021-10/#CVE-2021-29955
www.mozilla.org/en-US/security/advisories/mfsa2021-11/#CVE-2021-29955
www.mozilla.org/security/advisories/mfsa2021-10/
www.mozilla.org/security/advisories/mfsa2021-11/