CVE-2021-29951
Description
The Mozilla Maintenance Service granted SERVICE_START access to BUILTIN\Users which, in a domain network, grants normal remote users access to start or stop the service. This could be used to prevent the browser update service from operating (if an attacker spammed the Stop command), but it also exposed attack surface in the maintenance service. *Note: This issue only affected Windows operating systems older than Win 10 build 1709. Other operating systems are unaffected.* This vulnerability affects Thunderbird < 78.10.1, Firefox < 87, and Firefox ESR < 78.10.1.
Risk Information
Base Score
6.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
EPSS Score
Exploitation Probability
0.531
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2021-29951 are fixed in Mozilla Firefox ESR (78.10.1) | Windows |
| Vulnerabilities CVE-2021-29951 are fixed in Mozilla Firefox ESR (x64) (78.10.1) | Windows |
| Vulnerabilities CVE-2021-29951 are fixed in Mozilla Thunderbird (78.10.1) | Windows |
| Vulnerabilities CVE-2021-29951 are fixed in Mozilla Thunderbird (x64) (78.10.1) | Windows |
| Multiple Vulnerabilities are affected in Mozilla Firefox (x64) 86.99 | Windows |
| Multiple Vulnerabilities are affected in Mozilla_Firefox 86.99 | Windows |
| Vulnerabilities CVE-2021-29951 are affected in Mozilla Firefox (x64) 78.10.0 | Windows |
| Vulnerabilities CVE-2021-29951 are affected in Mozilla_Firefox 78.10.0 | Windows |
| Vulnerabilities CVE-2021-29951 are fixed in Mozilla Thunderbird For Mac 78.10.1 | Mac |
| Multiple Vulnerabilities are affected in Mozilla Firefox for Mac 68.0.1 | Mac |
| Multiple Vulnerabilities are affected in Firefox ESR for Mac 68.0.1 | Mac |
| Multiple Vulnerabilities are affected in Mozilla Firefox for Mac 84.1.3 | Mac |
| Multiple Vulnerabilities are affected in Mozilla Thunderbird for Mac 78.9.1 | Mac |
| Vulnerabilities CVE-2021-29951 are fixed in Mozilla Firefox For Mac 78.10.1 | Mac |
| SUSE-SU-2021:1886-1(SUSE Linux Enterprise Server 12-SP5 ) MozillaFirefox-78.11.0-112.62.1.x86_64.rpm | Linux |
| SUSE-SU-2021:1886-1(SUSE Linux Enterprise Server 12-SP5 ) MozillaFirefox-debuginfo-78.11.0-112.62.1.x86_64.rpm | Linux |
| SUSE-SU-2021:1886-1(SUSE Linux Enterprise Server 12-SP5 ) MozillaFirefox-debugsource-78.11.0-112.62.1.x86_64.rpm | Linux |
| SUSE-SU-2021:1886-1(SUSE Linux Enterprise Server 12-SP5 ) MozillaFirefox-devel-78.11.0-112.62.1.x86_64.rpm | Linux |
| SUSE-SU-2021:1886-1(SUSE Linux Enterprise Server 12-SP5 ) MozillaFirefox-translations-common-78.11.0-112.62.1.x86_64.rpm | Linux |
Patch Details
Patches provided by ManageEngine for this CVE:
| Patch ID | Patch Description |
|---|---|
| PATCH-319434 | Mozilla Firefox ESR (78.10.1) |
| PATCH-319435 | Mozilla Firefox ESR (x64) (78.10.1) |
| PATCH-319444 | Mozilla Thunderbird (78.10.1) |
| PATCH-319445 | Mozilla Thunderbird (x64) (78.10.1) |
| PATCH-611807 | Mozilla Thunderbird For Mac (142.0) |
| PATCH-611870 | Mozilla Firefox For Mac (142.0.1) |
| PATCH-611808 | Mozilla Firefox ESR for MAC 128.14.0 |
| PATCH-612783 | Mozilla Firefox For Mac (145.0.1) |