CVE-2021-23995
HIGHFirefox ESR < 78.10 & Thunderbird < 78.10 - Use After Free
Title source: llmDescription
When Responsive Design Mode was enabled, it used references to objects that were previously freed. We presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.
References (4)
Core 4
Core References
Release Notes, Vendor Advisory x_refsource_misc
https://www.mozilla.org/security/advisories/mfsa2021-14/
Release Notes, Vendor Advisory x_refsource_misc
https://www.mozilla.org/security/advisories/mfsa2021-16/
Release Notes, Vendor Advisory x_refsource_misc
https://www.mozilla.org/security/advisories/mfsa2021-15/
Issue Tracking, Permissions Required, Vendor Advisory x_refsource_misc
https://bugzilla.mozilla.org/show_bug.cgi?id=1699835
Scores
CVSS v3
8.8
EPSS
0.0121
EPSS Percentile
64.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-672
Status
published
Products (3)
mozilla/firefox
< 88.0
mozilla/firefox_esr
< 78.10
mozilla/thunderbird
< 78.10
Published
Jun 24, 2021
Tracked Since
Feb 18, 2026