Lucene search

K
ubuntucveUbuntu.comUB:CVE-2021-38504
HistoryNov 03, 2021 - 12:00 a.m.

CVE-2021-38504

2021-11-0300:00:00
ubuntu.com
ubuntu.com
26
html input element
file picker dialog
memory corruption
potentially exploitable crash
firefox
thunderbird
firefox esr

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.004

Percentile

74.3%

When interacting with an HTML input element’s file picker dialog with
webkitdirectory set, a use-after-free could have resulted, leading to
memory corruption and a potentially exploitable crash. This vulnerability
affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.

Notes

Author Note
tyhicks mozjs contains a copy of the SpiderMonkey JavaScript engine
OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchfirefox< 94.0+build3-0ubuntu0.18.04.1UNKNOWN
ubuntu20.04noarchfirefox< 94.0+build3-0ubuntu0.20.04.1UNKNOWN
ubuntu21.04noarchfirefox< 94.0+build3-0ubuntu0.21.04.1UNKNOWN
ubuntu21.10noarchfirefox< 94.0+build3-0ubuntu0.21.10.1UNKNOWN
ubuntu22.04noarchfirefox< 94.0+build3-0ubuntu1UNKNOWN
ubuntu22.10noarchfirefox< 94.0+build3-0ubuntu1UNKNOWN
ubuntu23.04noarchfirefox< 94.0+build3-0ubuntu1UNKNOWN
ubuntu23.10noarchfirefox< 94.0+build3-0ubuntu1UNKNOWN
ubuntu24.04noarchfirefox< 94.0+build3-0ubuntu1UNKNOWN
ubuntu18.04noarchmozjs38< anyUNKNOWN
Rows per page:
1-10 of 221

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.004

Percentile

74.3%