Lucene search

PRIOn knowledge basePRION:CVE-2021-43535

HistoryDec 08, 2021 - 10:15 p.m.

Design/Logic Flaw

2021-12-0822:15:00

PRIOn knowledge base

www.prio-n.com

8.8 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

66.2%

JSON

A use-after-free could have occured when an HTTP2 session object was released on a different thread, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 93, Thunderbird < 91.3, and Firefox ESR < 91.3.

CPENameOperatorVersion
debian_linuxeq9.0
debian_linuxeq10.0
debian_linuxeq11.0
firefoxlt93.0
firefox_esrlt91.3.0
thunderbirdlt91.3.0

Name	Operator	Version
debian_linux	eq	9.0
debian_linux	eq	10.0
debian_linux	eq	11.0
firefox	lt	93.0
firefox_esr	lt	91.3.0
thunderbird	lt	91.3.0

References

bugzilla.mozilla.org/show_bug.cgi?id=1667102

lists.debian.org/debian-lts-announce/2021/12/msg00030.html

lists.debian.org/debian-lts-announce/2022/01/msg00001.html

www.debian.org/security/2021/dsa-5026

www.debian.org/security/2022/dsa-5034

www.mozilla.org/security/advisories/mfsa2021-43/

www.mozilla.org/security/advisories/mfsa2021-49/

www.mozilla.org/security/advisories/mfsa2021-50/