Lucene search

Gentoo FoundationMGASA-2021-0425

HistorySep 23, 2021 - 7:49 a.m.

Updated firefox packages fix security vulnerability

2021-09-2307:49:29

Gentoo Foundation

advisories.mageia.org

mozilla

memory safety

memory corruption

arbitrary code

cve-2021-38493

firefox package

91esr branch

upstream release notes

unix

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.004

Percentile

74.7%

JSON

Mozilla developers Tyson Smith and Gabriele Svelto reported memory safety bugs present in Firefox ESR 78.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code (CVE-2021-38493). The firefox package has been updated to the 91ESR branch. See the upstream release notes for details.

OSVersionArchitecturePackageVersionFilename
Mageia8noarchfirefox< 91.1.0-1firefox-91.1.0-1.mga8
Mageia8noarchfirefox-l10n< 91.1.0-1firefox-l10n-91.1.0-1.mga8
Mageia8noarchnss< 3.70.0-1nss-3.70.0-1.mga8

OS	Version	Architecture	Package	Version	Filename
Mageia	8	noarch	firefox	< 91.1.0-1	firefox-91.1.0-1.mga8
Mageia	8	noarch	firefox-l10n	< 91.1.0-1	firefox-l10n-91.1.0-1.mga8
Mageia	8	noarch	nss	< 3.70.0-1	nss-3.70.0-1.mga8