csaf_suse - suse-su-2021:0966-1

suse-su-2021:0966-1

Vulnerability from csaf_suse

Published

2021-03-29 11:06

Modified

2021-03-29 11:06

Summary

Security update for MozillaFirefox

Notes

Title of the patch

Security update for MozillaFirefox

Description of the patch

This update for MozillaFirefox fixes the following issues: - Firefox was updated to 78.9.0 ESR (MFSA 2021-11, bsc#1183942) * CVE-2021-23981: Texture upload into an unbound backing buffer resulted in an out-of-bound read * CVE-2021-23982: Internal network hosts could have been probed by a malicious webpage * CVE-2021-23984: Malicious extensions could have spoofed popup information * CVE-2021-23987: Memory safety bugs

Patchnames

SUSE-2021-966,SUSE-SLE-Module-Desktop-Applications-15-SP2-2021-966,SUSE-SLE-Module-Desktop-Applications-15-SP3-2021-966

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for MozillaFirefox",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for MozillaFirefox fixes the following issues:\n\n- Firefox was updated to 78.9.0 ESR  (MFSA 2021-11, bsc#1183942)\n  * CVE-2021-23981: Texture upload into an unbound backing buffer resulted in an out-of-bound read\n  * CVE-2021-23982: Internal network hosts could have been probed by a malicious webpage\n  * CVE-2021-23984: Malicious extensions could have spoofed popup information\n  * CVE-2021-23987: Memory safety bugs\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2021-966,SUSE-SLE-Module-Desktop-Applications-15-SP2-2021-966,SUSE-SLE-Module-Desktop-Applications-15-SP3-2021-966",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2021_0966-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2021:0966-1",
        "url": "https://www.suse.com/support/update/announcement/2021/suse-su-20210966-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2021:0966-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-March/008561.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1183942",
        "url": "https://bugzilla.suse.com/1183942"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-23981 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-23981/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-23982 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-23982/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-23984 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-23984/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-23987 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-23987/"
      }
    ],
    "title": "Security update for MozillaFirefox",
    "tracking": {
      "current_release_date": "2021-03-29T11:06:30Z",
      "generator": {
        "date": "2021-03-29T11:06:30Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2021:0966-1",
      "initial_release_date": "2021-03-29T11:06:30Z",
      "revision_history": [
        {
          "date": "2021-03-29T11:06:30Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "MozillaFirefox-78.9.0-8.35.1.aarch64",
                "product": {
                  "name": "MozillaFirefox-78.9.0-8.35.1.aarch64",
                  "product_id": "MozillaFirefox-78.9.0-8.35.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-branding-upstream-78.9.0-8.35.1.aarch64",
                "product": {
                  "name": "MozillaFirefox-branding-upstream-78.9.0-8.35.1.aarch64",
                  "product_id": "MozillaFirefox-branding-upstream-78.9.0-8.35.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-devel-78.9.0-8.35.1.aarch64",
                "product": {
                  "name": "MozillaFirefox-devel-78.9.0-8.35.1.aarch64",
                  "product_id": "MozillaFirefox-devel-78.9.0-8.35.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-translations-common-78.9.0-8.35.1.aarch64",
                "product": {
                  "name": "MozillaFirefox-translations-common-78.9.0-8.35.1.aarch64",
                  "product_id": "MozillaFirefox-translations-common-78.9.0-8.35.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-translations-other-78.9.0-8.35.1.aarch64",
                "product": {
                  "name": "MozillaFirefox-translations-other-78.9.0-8.35.1.aarch64",
                  "product_id": "MozillaFirefox-translations-other-78.9.0-8.35.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "MozillaFirefox-78.9.0-8.35.1.i686",
                "product": {
                  "name": "MozillaFirefox-78.9.0-8.35.1.i686",
                  "product_id": "MozillaFirefox-78.9.0-8.35.1.i686"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-branding-upstream-78.9.0-8.35.1.i686",
                "product": {
                  "name": "MozillaFirefox-branding-upstream-78.9.0-8.35.1.i686",
                  "product_id": "MozillaFirefox-branding-upstream-78.9.0-8.35.1.i686"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-buildsymbols-78.9.0-8.35.1.i686",
                "product": {
                  "name": "MozillaFirefox-buildsymbols-78.9.0-8.35.1.i686",
                  "product_id": "MozillaFirefox-buildsymbols-78.9.0-8.35.1.i686"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-devel-78.9.0-8.35.1.i686",
                "product": {
                  "name": "MozillaFirefox-devel-78.9.0-8.35.1.i686",
                  "product_id": "MozillaFirefox-devel-78.9.0-8.35.1.i686"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-translations-common-78.9.0-8.35.1.i686",
                "product": {
                  "name": "MozillaFirefox-translations-common-78.9.0-8.35.1.i686",
                  "product_id": "MozillaFirefox-translations-common-78.9.0-8.35.1.i686"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-translations-other-78.9.0-8.35.1.i686",
                "product": {
                  "name": "MozillaFirefox-translations-other-78.9.0-8.35.1.i686",
                  "product_id": "MozillaFirefox-translations-other-78.9.0-8.35.1.i686"
                }
              }
            ],
            "category": "architecture",
            "name": "i686"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "MozillaFirefox-78.9.0-8.35.1.ppc64le",
                "product": {
                  "name": "MozillaFirefox-78.9.0-8.35.1.ppc64le",
                  "product_id": "MozillaFirefox-78.9.0-8.35.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-branding-upstream-78.9.0-8.35.1.ppc64le",
                "product": {
                  "name": "MozillaFirefox-branding-upstream-78.9.0-8.35.1.ppc64le",
                  "product_id": "MozillaFirefox-branding-upstream-78.9.0-8.35.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-devel-78.9.0-8.35.1.ppc64le",
                "product": {
                  "name": "MozillaFirefox-devel-78.9.0-8.35.1.ppc64le",
                  "product_id": "MozillaFirefox-devel-78.9.0-8.35.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-translations-common-78.9.0-8.35.1.ppc64le",
                "product": {
                  "name": "MozillaFirefox-translations-common-78.9.0-8.35.1.ppc64le",
                  "product_id": "MozillaFirefox-translations-common-78.9.0-8.35.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-translations-other-78.9.0-8.35.1.ppc64le",
                "product": {
                  "name": "MozillaFirefox-translations-other-78.9.0-8.35.1.ppc64le",
                  "product_id": "MozillaFirefox-translations-other-78.9.0-8.35.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "MozillaFirefox-78.9.0-8.35.1.s390x",
                "product": {
                  "name": "MozillaFirefox-78.9.0-8.35.1.s390x",
                  "product_id": "MozillaFirefox-78.9.0-8.35.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-branding-upstream-78.9.0-8.35.1.s390x",
                "product": {
                  "name": "MozillaFirefox-branding-upstream-78.9.0-8.35.1.s390x",
                  "product_id": "MozillaFirefox-branding-upstream-78.9.0-8.35.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-devel-78.9.0-8.35.1.s390x",
                "product": {
                  "name": "MozillaFirefox-devel-78.9.0-8.35.1.s390x",
                  "product_id": "MozillaFirefox-devel-78.9.0-8.35.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-translations-common-78.9.0-8.35.1.s390x",
                "product": {
                  "name": "MozillaFirefox-translations-common-78.9.0-8.35.1.s390x",
                  "product_id": "MozillaFirefox-translations-common-78.9.0-8.35.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-translations-other-78.9.0-8.35.1.s390x",
                "product": {
                  "name": "MozillaFirefox-translations-other-78.9.0-8.35.1.s390x",
                  "product_id": "MozillaFirefox-translations-other-78.9.0-8.35.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "MozillaFirefox-78.9.0-8.35.1.x86_64",
                "product": {
                  "name": "MozillaFirefox-78.9.0-8.35.1.x86_64",
                  "product_id": "MozillaFirefox-78.9.0-8.35.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-branding-upstream-78.9.0-8.35.1.x86_64",
                "product": {
                  "name": "MozillaFirefox-branding-upstream-78.9.0-8.35.1.x86_64",
                  "product_id": "MozillaFirefox-branding-upstream-78.9.0-8.35.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-buildsymbols-78.9.0-8.35.1.x86_64",
                "product": {
                  "name": "MozillaFirefox-buildsymbols-78.9.0-8.35.1.x86_64",
                  "product_id": "MozillaFirefox-buildsymbols-78.9.0-8.35.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-devel-78.9.0-8.35.1.x86_64",
                "product": {
                  "name": "MozillaFirefox-devel-78.9.0-8.35.1.x86_64",
                  "product_id": "MozillaFirefox-devel-78.9.0-8.35.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-translations-common-78.9.0-8.35.1.x86_64",
                "product": {
                  "name": "MozillaFirefox-translations-common-78.9.0-8.35.1.x86_64",
                  "product_id": "MozillaFirefox-translations-common-78.9.0-8.35.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-translations-other-78.9.0-8.35.1.x86_64",
                "product": {
                  "name": "MozillaFirefox-translations-other-78.9.0-8.35.1.x86_64",
                  "product_id": "MozillaFirefox-translations-other-78.9.0-8.35.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2",
                "product": {
                  "name": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2",
                  "product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-module-desktop-applications:15:sp2"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-78.9.0-8.35.1.aarch64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-78.9.0-8.35.1.aarch64"
        },
        "product_reference": "MozillaFirefox-78.9.0-8.35.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-78.9.0-8.35.1.ppc64le as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-78.9.0-8.35.1.ppc64le"
        },
        "product_reference": "MozillaFirefox-78.9.0-8.35.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-78.9.0-8.35.1.s390x as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-78.9.0-8.35.1.s390x"
        },
        "product_reference": "MozillaFirefox-78.9.0-8.35.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-78.9.0-8.35.1.x86_64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-78.9.0-8.35.1.x86_64"
        },
        "product_reference": "MozillaFirefox-78.9.0-8.35.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-devel-78.9.0-8.35.1.aarch64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-devel-78.9.0-8.35.1.aarch64"
        },
        "product_reference": "MozillaFirefox-devel-78.9.0-8.35.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-devel-78.9.0-8.35.1.ppc64le as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-devel-78.9.0-8.35.1.ppc64le"
        },
        "product_reference": "MozillaFirefox-devel-78.9.0-8.35.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-devel-78.9.0-8.35.1.s390x as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-devel-78.9.0-8.35.1.s390x"
        },
        "product_reference": "MozillaFirefox-devel-78.9.0-8.35.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-devel-78.9.0-8.35.1.x86_64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-devel-78.9.0-8.35.1.x86_64"
        },
        "product_reference": "MozillaFirefox-devel-78.9.0-8.35.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-translations-common-78.9.0-8.35.1.aarch64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-common-78.9.0-8.35.1.aarch64"
        },
        "product_reference": "MozillaFirefox-translations-common-78.9.0-8.35.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-translations-common-78.9.0-8.35.1.ppc64le as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-common-78.9.0-8.35.1.ppc64le"
        },
        "product_reference": "MozillaFirefox-translations-common-78.9.0-8.35.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-translations-common-78.9.0-8.35.1.s390x as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-common-78.9.0-8.35.1.s390x"
        },
        "product_reference": "MozillaFirefox-translations-common-78.9.0-8.35.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-translations-common-78.9.0-8.35.1.x86_64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-common-78.9.0-8.35.1.x86_64"
        },
        "product_reference": "MozillaFirefox-translations-common-78.9.0-8.35.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-translations-other-78.9.0-8.35.1.aarch64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-other-78.9.0-8.35.1.aarch64"
        },
        "product_reference": "MozillaFirefox-translations-other-78.9.0-8.35.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-translations-other-78.9.0-8.35.1.ppc64le as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-other-78.9.0-8.35.1.ppc64le"
        },
        "product_reference": "MozillaFirefox-translations-other-78.9.0-8.35.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-translations-other-78.9.0-8.35.1.s390x as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-other-78.9.0-8.35.1.s390x"
        },
        "product_reference": "MozillaFirefox-translations-other-78.9.0-8.35.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-translations-other-78.9.0-8.35.1.x86_64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-other-78.9.0-8.35.1.x86_64"
        },
        "product_reference": "MozillaFirefox-translations-other-78.9.0-8.35.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-23981",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-23981"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A texture upload of a Pixel Buffer Object could have confused the WebGL code to skip binding the buffer used to unpack it, resulting in memory corruption and a potentially exploitable information leak or crash. This vulnerability affects Firefox ESR \u003c 78.9, Firefox \u003c 87, and Thunderbird \u003c 78.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-78.9.0-8.35.1.aarch64",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-78.9.0-8.35.1.ppc64le",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-78.9.0-8.35.1.s390x",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-78.9.0-8.35.1.x86_64",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-devel-78.9.0-8.35.1.aarch64",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-devel-78.9.0-8.35.1.ppc64le",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-devel-78.9.0-8.35.1.s390x",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-devel-78.9.0-8.35.1.x86_64",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-common-78.9.0-8.35.1.aarch64",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-common-78.9.0-8.35.1.ppc64le",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-common-78.9.0-8.35.1.s390x",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-common-78.9.0-8.35.1.x86_64",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-other-78.9.0-8.35.1.aarch64",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-other-78.9.0-8.35.1.ppc64le",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-other-78.9.0-8.35.1.s390x",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-other-78.9.0-8.35.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-23981",
          "url": "https://www.suse.com/security/cve/CVE-2021-23981"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1183942 for CVE-2021-23981",
          "url": "https://bugzilla.suse.com/1183942"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-78.9.0-8.35.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-78.9.0-8.35.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-78.9.0-8.35.1.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-78.9.0-8.35.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-devel-78.9.0-8.35.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-devel-78.9.0-8.35.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-devel-78.9.0-8.35.1.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-devel-78.9.0-8.35.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-common-78.9.0-8.35.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-common-78.9.0-8.35.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-common-78.9.0-8.35.1.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-common-78.9.0-8.35.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-other-78.9.0-8.35.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-other-78.9.0-8.35.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-other-78.9.0-8.35.1.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-other-78.9.0-8.35.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-78.9.0-8.35.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-78.9.0-8.35.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-78.9.0-8.35.1.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-78.9.0-8.35.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-devel-78.9.0-8.35.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-devel-78.9.0-8.35.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-devel-78.9.0-8.35.1.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-devel-78.9.0-8.35.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-common-78.9.0-8.35.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-common-78.9.0-8.35.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-common-78.9.0-8.35.1.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-common-78.9.0-8.35.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-other-78.9.0-8.35.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-other-78.9.0-8.35.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-other-78.9.0-8.35.1.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-other-78.9.0-8.35.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-03-29T11:06:30Z",
          "details": "important"
        }
      ],
      "title": "CVE-2021-23981"
    },
    {
      "cve": "CVE-2021-23982",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-23982"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Using techniques that built on the slipstream research, a malicious webpage could have scanned both an internal network\u0027s hosts as well as services running on the user\u0027s local machine utilizing WebRTC connections. This vulnerability affects Firefox ESR \u003c 78.9, Firefox \u003c 87, and Thunderbird \u003c 78.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-78.9.0-8.35.1.aarch64",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-78.9.0-8.35.1.ppc64le",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-78.9.0-8.35.1.s390x",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-78.9.0-8.35.1.x86_64",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-devel-78.9.0-8.35.1.aarch64",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-devel-78.9.0-8.35.1.ppc64le",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-devel-78.9.0-8.35.1.s390x",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-devel-78.9.0-8.35.1.x86_64",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-common-78.9.0-8.35.1.aarch64",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-common-78.9.0-8.35.1.ppc64le",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-common-78.9.0-8.35.1.s390x",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-common-78.9.0-8.35.1.x86_64",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-other-78.9.0-8.35.1.aarch64",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-other-78.9.0-8.35.1.ppc64le",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-other-78.9.0-8.35.1.s390x",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-other-78.9.0-8.35.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-23982",
          "url": "https://www.suse.com/security/cve/CVE-2021-23982"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1183942 for CVE-2021-23982",
          "url": "https://bugzilla.suse.com/1183942"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-78.9.0-8.35.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-78.9.0-8.35.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-78.9.0-8.35.1.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-78.9.0-8.35.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-devel-78.9.0-8.35.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-devel-78.9.0-8.35.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-devel-78.9.0-8.35.1.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-devel-78.9.0-8.35.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-common-78.9.0-8.35.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-common-78.9.0-8.35.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-common-78.9.0-8.35.1.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-common-78.9.0-8.35.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-other-78.9.0-8.35.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-other-78.9.0-8.35.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-other-78.9.0-8.35.1.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-other-78.9.0-8.35.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-78.9.0-8.35.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-78.9.0-8.35.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-78.9.0-8.35.1.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-78.9.0-8.35.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-devel-78.9.0-8.35.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-devel-78.9.0-8.35.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-devel-78.9.0-8.35.1.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-devel-78.9.0-8.35.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-common-78.9.0-8.35.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-common-78.9.0-8.35.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-common-78.9.0-8.35.1.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-common-78.9.0-8.35.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-other-78.9.0-8.35.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-other-78.9.0-8.35.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-other-78.9.0-8.35.1.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-other-78.9.0-8.35.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-03-29T11:06:30Z",
          "details": "important"
        }
      ],
      "title": "CVE-2021-23982"
    },
    {
      "cve": "CVE-2021-23984",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-23984"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A malicious extension could have opened a popup window lacking an address bar. The title of the popup lacking an address bar should not be fully controllable, but in this situation was. This could have been used to spoof a website and attempt to trick the user into providing credentials. This vulnerability affects Firefox ESR \u003c 78.9, Firefox \u003c 87, and Thunderbird \u003c 78.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-78.9.0-8.35.1.aarch64",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-78.9.0-8.35.1.ppc64le",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-78.9.0-8.35.1.s390x",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-78.9.0-8.35.1.x86_64",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-devel-78.9.0-8.35.1.aarch64",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-devel-78.9.0-8.35.1.ppc64le",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-devel-78.9.0-8.35.1.s390x",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-devel-78.9.0-8.35.1.x86_64",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-common-78.9.0-8.35.1.aarch64",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-common-78.9.0-8.35.1.ppc64le",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-common-78.9.0-8.35.1.s390x",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-common-78.9.0-8.35.1.x86_64",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-other-78.9.0-8.35.1.aarch64",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-other-78.9.0-8.35.1.ppc64le",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-other-78.9.0-8.35.1.s390x",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-other-78.9.0-8.35.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-23984",
          "url": "https://www.suse.com/security/cve/CVE-2021-23984"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1183942 for CVE-2021-23984",
          "url": "https://bugzilla.suse.com/1183942"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-78.9.0-8.35.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-78.9.0-8.35.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-78.9.0-8.35.1.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-78.9.0-8.35.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-devel-78.9.0-8.35.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-devel-78.9.0-8.35.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-devel-78.9.0-8.35.1.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-devel-78.9.0-8.35.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-common-78.9.0-8.35.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-common-78.9.0-8.35.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-common-78.9.0-8.35.1.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-common-78.9.0-8.35.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-other-78.9.0-8.35.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-other-78.9.0-8.35.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-other-78.9.0-8.35.1.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-other-78.9.0-8.35.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-78.9.0-8.35.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-78.9.0-8.35.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-78.9.0-8.35.1.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-78.9.0-8.35.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-devel-78.9.0-8.35.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-devel-78.9.0-8.35.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-devel-78.9.0-8.35.1.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-devel-78.9.0-8.35.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-common-78.9.0-8.35.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-common-78.9.0-8.35.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-common-78.9.0-8.35.1.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-common-78.9.0-8.35.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-other-78.9.0-8.35.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-other-78.9.0-8.35.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-other-78.9.0-8.35.1.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-other-78.9.0-8.35.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-03-29T11:06:30Z",
          "details": "important"
        }
      ],
      "title": "CVE-2021-23984"
    },
    {
      "cve": "CVE-2021-23987",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-23987"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Mozilla developers and community members reported memory safety bugs present in Firefox 86 and Firefox ESR 78.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR \u003c 78.9, Firefox \u003c 87, and Thunderbird \u003c 78.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-78.9.0-8.35.1.aarch64",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-78.9.0-8.35.1.ppc64le",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-78.9.0-8.35.1.s390x",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-78.9.0-8.35.1.x86_64",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-devel-78.9.0-8.35.1.aarch64",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-devel-78.9.0-8.35.1.ppc64le",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-devel-78.9.0-8.35.1.s390x",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-devel-78.9.0-8.35.1.x86_64",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-common-78.9.0-8.35.1.aarch64",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-common-78.9.0-8.35.1.ppc64le",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-common-78.9.0-8.35.1.s390x",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-common-78.9.0-8.35.1.x86_64",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-other-78.9.0-8.35.1.aarch64",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-other-78.9.0-8.35.1.ppc64le",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-other-78.9.0-8.35.1.s390x",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-other-78.9.0-8.35.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-23987",
          "url": "https://www.suse.com/security/cve/CVE-2021-23987"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1183942 for CVE-2021-23987",
          "url": "https://bugzilla.suse.com/1183942"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-78.9.0-8.35.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-78.9.0-8.35.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-78.9.0-8.35.1.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-78.9.0-8.35.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-devel-78.9.0-8.35.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-devel-78.9.0-8.35.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-devel-78.9.0-8.35.1.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-devel-78.9.0-8.35.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-common-78.9.0-8.35.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-common-78.9.0-8.35.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-common-78.9.0-8.35.1.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-common-78.9.0-8.35.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-other-78.9.0-8.35.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-other-78.9.0-8.35.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-other-78.9.0-8.35.1.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-other-78.9.0-8.35.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-78.9.0-8.35.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-78.9.0-8.35.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-78.9.0-8.35.1.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-78.9.0-8.35.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-devel-78.9.0-8.35.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-devel-78.9.0-8.35.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-devel-78.9.0-8.35.1.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-devel-78.9.0-8.35.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-common-78.9.0-8.35.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-common-78.9.0-8.35.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-common-78.9.0-8.35.1.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-common-78.9.0-8.35.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-other-78.9.0-8.35.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-other-78.9.0-8.35.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-other-78.9.0-8.35.1.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-other-78.9.0-8.35.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-03-29T11:06:30Z",
          "details": "important"
        }
      ],
      "title": "CVE-2021-23987"
    }
  ]
}

CVE-2021-23982 (GCVE-0-2021-23982)

Vulnerability from cvelistv5

Published

2021-03-31 13:42

Modified

2024-08-03 19:14

Severity ?

CWE

Internal network hosts could have been probed by a malicious webpage

Summary

Using techniques that built on the slipstream research, a malicious webpage could have scanned both an internal network's hosts as well as services running on the user's local machine utilizing WebRTC connections. This vulnerability affects Firefox ESR < 78.9, Firefox < 87, and Thunderbird < 78.9.

References

►

URL

Tags

	https://www.mozilla.org/security/advisories/mfsa2021-10/	x_refsource_MISC
	https://www.mozilla.org/security/advisories/mfsa2021-12/	x_refsource_MISC
	https://www.mozilla.org/security/advisories/mfsa2021-11/	x_refsource_MISC
	https://bugzilla.mozilla.org/show_bug.cgi?id=1677046	x_refsource_MISC

Impacted products

Vendor

Product

Version

►

Mozilla

Firefox ESR

Version: unspecified < 78.9

	Mozilla	Firefox	Version: unspecified < 87
	Mozilla	Thunderbird	Version: unspecified < 78.9

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T19:14:09.972Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2021-10/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2021-12/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2021-11/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1677046"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "78.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "87",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "78.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Using techniques that built on the slipstream research, a malicious webpage could have scanned both an internal network\u0027s hosts as well as services running on the user\u0027s local machine utilizing WebRTC connections. This vulnerability affects Firefox ESR \u003c 78.9, Firefox \u003c 87, and Thunderbird \u003c 78.9."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Internal network hosts could have been probed by a malicious webpage",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-24T13:28:49",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.mozilla.org/security/advisories/mfsa2021-10/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.mozilla.org/security/advisories/mfsa2021-12/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.mozilla.org/security/advisories/mfsa2021-11/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1677046"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@mozilla.org",
          "ID": "CVE-2021-23982",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Firefox ESR",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "78.9"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Firefox",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "87"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Thunderbird",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "78.9"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Mozilla"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Using techniques that built on the slipstream research, a malicious webpage could have scanned both an internal network\u0027s hosts as well as services running on the user\u0027s local machine utilizing WebRTC connections. This vulnerability affects Firefox ESR \u003c 78.9, Firefox \u003c 87, and Thunderbird \u003c 78.9."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Internal network hosts could have been probed by a malicious webpage"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2021-10/",
              "refsource": "MISC",
              "url": "https://www.mozilla.org/security/advisories/mfsa2021-10/"
            },
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2021-12/",
              "refsource": "MISC",
              "url": "https://www.mozilla.org/security/advisories/mfsa2021-12/"
            },
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2021-11/",
              "refsource": "MISC",
              "url": "https://www.mozilla.org/security/advisories/mfsa2021-11/"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1677046",
              "refsource": "MISC",
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1677046"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2021-23982",
    "datePublished": "2021-03-31T13:42:04",
    "dateReserved": "2021-01-13T00:00:00",
    "dateUpdated": "2024-08-03T19:14:09.972Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-23984 (GCVE-0-2021-23984)

Vulnerability from cvelistv5

Published

2021-03-31 13:41

Modified

2024-08-03 19:14

Severity ?

CWE

Malicious extensions could have spoofed popup information

Summary

A malicious extension could have opened a popup window lacking an address bar. The title of the popup lacking an address bar should not be fully controllable, but in this situation was. This could have been used to spoof a website and attempt to trick the user into providing credentials. This vulnerability affects Firefox ESR < 78.9, Firefox < 87, and Thunderbird < 78.9.

References

►

URL

Tags

	https://www.mozilla.org/security/advisories/mfsa2021-10/	x_refsource_MISC
	https://www.mozilla.org/security/advisories/mfsa2021-12/	x_refsource_MISC
	https://www.mozilla.org/security/advisories/mfsa2021-11/	x_refsource_MISC
	https://bugzilla.mozilla.org/show_bug.cgi?id=1693664	x_refsource_MISC

Impacted products

Vendor

Product

Version

►

Mozilla

Firefox ESR

Version: unspecified < 78.9

	Mozilla	Firefox	Version: unspecified < 87
	Mozilla	Thunderbird	Version: unspecified < 78.9

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T19:14:10.003Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2021-10/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2021-12/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2021-11/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1693664"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "78.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "87",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "78.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A malicious extension could have opened a popup window lacking an address bar. The title of the popup lacking an address bar should not be fully controllable, but in this situation was. This could have been used to spoof a website and attempt to trick the user into providing credentials. This vulnerability affects Firefox ESR \u003c 78.9, Firefox \u003c 87, and Thunderbird \u003c 78.9."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Malicious extensions could have spoofed popup information",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-24T13:28:37",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.mozilla.org/security/advisories/mfsa2021-10/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.mozilla.org/security/advisories/mfsa2021-12/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.mozilla.org/security/advisories/mfsa2021-11/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1693664"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@mozilla.org",
          "ID": "CVE-2021-23984",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Firefox ESR",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "78.9"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Firefox",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "87"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Thunderbird",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "78.9"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Mozilla"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A malicious extension could have opened a popup window lacking an address bar. The title of the popup lacking an address bar should not be fully controllable, but in this situation was. This could have been used to spoof a website and attempt to trick the user into providing credentials. This vulnerability affects Firefox ESR \u003c 78.9, Firefox \u003c 87, and Thunderbird \u003c 78.9."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Malicious extensions could have spoofed popup information"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2021-10/",
              "refsource": "MISC",
              "url": "https://www.mozilla.org/security/advisories/mfsa2021-10/"
            },
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2021-12/",
              "refsource": "MISC",
              "url": "https://www.mozilla.org/security/advisories/mfsa2021-12/"
            },
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2021-11/",
              "refsource": "MISC",
              "url": "https://www.mozilla.org/security/advisories/mfsa2021-11/"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1693664",
              "refsource": "MISC",
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1693664"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2021-23984",
    "datePublished": "2021-03-31T13:41:34",
    "dateReserved": "2021-01-13T00:00:00",
    "dateUpdated": "2024-08-03T19:14:10.003Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-23981 (GCVE-0-2021-23981)

Vulnerability from cvelistv5

Published

2021-03-31 13:42

Modified

2024-08-03 19:14

Severity ?

CWE

Texture upload into an unbound backing buffer resulted in an out-of-bound read

Summary

A texture upload of a Pixel Buffer Object could have confused the WebGL code to skip binding the buffer used to unpack it, resulting in memory corruption and a potentially exploitable information leak or crash. This vulnerability affects Firefox ESR < 78.9, Firefox < 87, and Thunderbird < 78.9.

References

►

URL

Tags

	https://www.mozilla.org/security/advisories/mfsa2021-10/	x_refsource_MISC
	https://www.mozilla.org/security/advisories/mfsa2021-12/	x_refsource_MISC
	https://www.mozilla.org/security/advisories/mfsa2021-11/	x_refsource_MISC
	https://bugzilla.mozilla.org/show_bug.cgi?id=1692832	x_refsource_MISC

Impacted products

Vendor

Product

Version

►

Mozilla

Firefox ESR

Version: unspecified < 78.9

	Mozilla	Firefox	Version: unspecified < 87
	Mozilla	Thunderbird	Version: unspecified < 78.9

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T19:14:09.984Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2021-10/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2021-12/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2021-11/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1692832"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "78.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "87",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "78.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A texture upload of a Pixel Buffer Object could have confused the WebGL code to skip binding the buffer used to unpack it, resulting in memory corruption and a potentially exploitable information leak or crash. This vulnerability affects Firefox ESR \u003c 78.9, Firefox \u003c 87, and Thunderbird \u003c 78.9."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Texture upload into an unbound backing buffer resulted in an out-of-bound read",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-24T13:28:55",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.mozilla.org/security/advisories/mfsa2021-10/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.mozilla.org/security/advisories/mfsa2021-12/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.mozilla.org/security/advisories/mfsa2021-11/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1692832"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@mozilla.org",
          "ID": "CVE-2021-23981",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Firefox ESR",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "78.9"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Firefox",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "87"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Thunderbird",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "78.9"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Mozilla"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A texture upload of a Pixel Buffer Object could have confused the WebGL code to skip binding the buffer used to unpack it, resulting in memory corruption and a potentially exploitable information leak or crash. This vulnerability affects Firefox ESR \u003c 78.9, Firefox \u003c 87, and Thunderbird \u003c 78.9."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Texture upload into an unbound backing buffer resulted in an out-of-bound read"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2021-10/",
              "refsource": "MISC",
              "url": "https://www.mozilla.org/security/advisories/mfsa2021-10/"
            },
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2021-12/",
              "refsource": "MISC",
              "url": "https://www.mozilla.org/security/advisories/mfsa2021-12/"
            },
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2021-11/",
              "refsource": "MISC",
              "url": "https://www.mozilla.org/security/advisories/mfsa2021-11/"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1692832",
              "refsource": "MISC",
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1692832"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2021-23981",
    "datePublished": "2021-03-31T13:42:17",
    "dateReserved": "2021-01-13T00:00:00",
    "dateUpdated": "2024-08-03T19:14:09.984Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-23987 (GCVE-0-2021-23987)

Vulnerability from cvelistv5

Published

2021-03-31 13:40

Modified

2024-08-03 19:14

Severity ?

CWE

Memory safety bugs fixed in Firefox 87 and Firefox ESR 78.9

Summary

Mozilla developers and community members reported memory safety bugs present in Firefox 86 and Firefox ESR 78.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.9, Firefox < 87, and Thunderbird < 78.9.

References

►

URL

Tags

	https://www.mozilla.org/security/advisories/mfsa2021-10/	x_refsource_MISC
	https://www.mozilla.org/security/advisories/mfsa2021-12/	x_refsource_MISC
	https://www.mozilla.org/security/advisories/mfsa2021-11/	x_refsource_MISC
	https://bugzilla.mozilla.org/buglist.cgi?bug_id=1513519%2C1683439%2C1690169%2C1690718	x_refsource_MISC

Impacted products

Vendor

Product

Version

►

Mozilla

Firefox ESR

Version: unspecified < 78.9

	Mozilla	Firefox	Version: unspecified < 87
	Mozilla	Thunderbird	Version: unspecified < 78.9

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T19:14:10.026Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2021-10/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2021-12/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2021-11/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1513519%2C1683439%2C1690169%2C1690718"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "78.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "87",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "78.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Mozilla developers and community members reported memory safety bugs present in Firefox 86 and Firefox ESR 78.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR \u003c 78.9, Firefox \u003c 87, and Thunderbird \u003c 78.9."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Memory safety bugs fixed in Firefox 87 and Firefox ESR 78.9",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-24T13:27:22",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.mozilla.org/security/advisories/mfsa2021-10/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.mozilla.org/security/advisories/mfsa2021-12/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.mozilla.org/security/advisories/mfsa2021-11/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1513519%2C1683439%2C1690169%2C1690718"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@mozilla.org",
          "ID": "CVE-2021-23987",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Firefox ESR",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "78.9"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Firefox",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "87"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Thunderbird",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "78.9"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Mozilla"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Mozilla developers and community members reported memory safety bugs present in Firefox 86 and Firefox ESR 78.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR \u003c 78.9, Firefox \u003c 87, and Thunderbird \u003c 78.9."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Memory safety bugs fixed in Firefox 87 and Firefox ESR 78.9"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2021-10/",
              "refsource": "MISC",
              "url": "https://www.mozilla.org/security/advisories/mfsa2021-10/"
            },
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2021-12/",
              "refsource": "MISC",
              "url": "https://www.mozilla.org/security/advisories/mfsa2021-12/"
            },
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2021-11/",
              "refsource": "MISC",
              "url": "https://www.mozilla.org/security/advisories/mfsa2021-11/"
            },
            {
              "name": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1513519%2C1683439%2C1690169%2C1690718",
              "refsource": "MISC",
              "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1513519%2C1683439%2C1690169%2C1690718"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2021-23987",
    "datePublished": "2021-03-31T13:40:44",
    "dateReserved": "2021-01-13T00:00:00",
    "dateUpdated": "2024-08-03T19:14:10.026Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

suse-su-2021:0966-1

Vulnerability from csaf_suse

CVE-2021-23982 (GCVE-0-2021-23982)

Vulnerability from cvelistv5

CVE-2021-23984 (GCVE-0-2021-23984)

Vulnerability from cvelistv5

CVE-2021-23981 (GCVE-0-2021-23981)

Vulnerability from cvelistv5

CVE-2021-23987 (GCVE-0-2021-23987)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature