History: Dec 15, 2021 - 1:44 p.m.

Security Bulletin: Multiple vulnerabilities of Mozilla Firefox (less than Firefox 78.14.0 ESR +CVE-2021-38493) have affected Synthetic Playback Agent 8.1.4.0-8.1.4 IF14

2021-12-15 13:44:02
www.ibm.com

EPSS: 0.004 (Percentile: 74.7%)

Summary

Synthetic Playback Agent has addressed the following vulnerabilities: CVEID: CVE-2021-38493, CVEID: CVE-2021-38492

Vulnerability Details

CVEID: CVE-2021-38492
**DESCRIPTION:** Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by the acceptance of the mk scheme when delegating navigations to the operating system. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to launch pages and execute scripts in Internet Explorer in unprivileged mode.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/208816 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)

CVEID: CVE-2021-38493
**DESCRIPTION:** Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/208812 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

Affected Products and Versions

| Affected Product(s) | Version(s) |
|---|---|
| APM AM | 8.1.4 |
| APM SaaS | 8.1.4 |
| APM on-premise | 8.1.4 |

Remediation/Fixes

| Product | Remediation / Fix |
|---|---|
| APM AM | Fixed in latest SaaS environment |
| APM SaaS | Fixed in latest SaaS environment |
| APM on-premise | Synthetic Playback Agent 8.1.4 IF15 |

Download link: http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FIBM+Application+Performance+Management+Advanced&fixids=8.1.4.0-IBM-APM-SYNTHETIC-PLAYBACK-AGENT-IF0015&source=SAR

Readme: <https://www.ibm.com/support/pages/node/6487543>

Workarounds and Mitigations

None