Description
Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.15, Thunderbird < 91.2, Firefox ESR < 91.2, Firefox ESR < 78.15, and Firefox < 93.
References (8)
Core References
Vendor Advisory x_refsource_misc
https://www.mozilla.org/security/advisories/mfsa2021-47/
Vendor Advisory x_refsource_misc
https://www.mozilla.org/security/advisories/mfsa2021-45/
Vendor Advisory x_refsource_misc
https://www.mozilla.org/security/advisories/mfsa2021-43/
Vendor Advisory x_refsource_misc
https://www.mozilla.org/security/advisories/mfsa2021-46/
Vendor Advisory x_refsource_misc
https://www.mozilla.org/security/advisories/mfsa2021-44/
Broken Link, Issue Tracking x_refsource_misc
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1725854%2C1728321
Issue Tracking, Third Party Advisory vendor-advisory x_refsource_debian
https://www.debian.org/security/2022/dsa-5034
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2022/01/msg00001.html
Scores
CVSS v3: 8.8
EPSS: 0.0109
EPSS Percentile: 78.2%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
Status: published
Products (6)
debian/debian_linux 9.0
debian/debian_linux 10.0
debian/debian_linux 11.0
mozilla/firefox < 93.0
mozilla/firefox_esr < 78.15
mozilla/thunderbird < 78.15
Published: Nov 03, 2021
Tracked Since: Feb 18, 2026