Home

CVE-2021-29952

Description

When Web Render components were destructed, a race condition could have caused undefined behavior, and we presume that with enough effort may have been exploitable to run arbitrary code. This vulnerability affects Firefox < 88.0.1 and Firefox for Android < 88.1.3.

Risk Information

Base Score
7.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.253

Associated Vulnerability

VulnerabilityOS Platform
Vulnerabilities CVE-2021-29953,CVE-2021-29952 are fixed in Mozilla Firefox (88.0.1)Windows
Vulnerabilities CVE-2021-29953,CVE-2021-29952 are fixed in Mozilla Firefox (x64) (88.0.1)Windows
Vulnerabilities CVE-2021-29953,CVE-2021-29952 are fixed in Update for Glary Utilities (5.88.0.109)Windows
Vulnerabilities CVE-2021-29953,CVE-2021-29952 are fixed in Mozilla Firefox For Mac (88.0.1)Mac
Vulnerabilities CVE-2021-29953,CVE-2021-29952 are fixed in Mozilla Firefox For Mac 88.1.3Mac
Multiple Vulnerabilities are affected in Mozilla Firefox for Mac 25.0Mac
Mozilla Open Source web browser (USN-4942-1) firefox_88.0.1+build1-0ubuntu0.18.04.2_i386.debLinux
Mozilla Open Source web browser (USN-4942-1) firefox_88.0.1+build1-0ubuntu0.18.04.2_amd64.debLinux
Mozilla Open Source web browser (USN-4942-1) firefox_88.0.1+build1-0ubuntu0.20.04.2_amd64.debLinux
Mozilla Open Source web browser (USN-4942-1) firefox_88.0.1+build1-0ubuntu0.20.10.2_amd64.debLinux
Mozilla Open Source web browser (USN-4942-1) firefox_88.0.1+build1-0ubuntu0.21.04.2_amd64.debLinux

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-319454Mozilla Firefox (88.0.1)
PATCH-319455Mozilla Firefox (x64) (88.0.1)
PATCH-306710Update for Glary Utilities (5.88.0.109)
PATCH-607000Mozilla Firefox For Mac (124.0)
PATCH-611870Mozilla Firefox For Mac (142.0.1)
PATCH-611870Mozilla Firefox For Mac (142.0.1)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234