ArchLinux: 202104-3: firefox: multiple issues
Summary
- CVE-2021-23994 (arbitrary code execution)
A security issue has been found in Firefox before version 88 and
Thunderbird before version 78.10. A WebGL framebuffer was not
initialized early enough, resulting in memory corruption and an out of
bounds write.
- CVE-2021-23995 (arbitrary code execution)
A security issue has been found in Firefox before version 88 and
Thunderbird before version 78.10. When Responsive Design Mode was
enabled, it used references to objects that were previously freed.
Mozilla presumes that with enough effort this could have been exploited
to run arbitrary code.
- CVE-2021-23996 (content spoofing)
A security issue has been found in Firefox before version 88. By
utilizing 3D CSS in conjunction with JavaScript, content could have
been rendered outside the webpage's viewport, resulting in a spoofing
attack that could have been used for phishing or other attacks on a
user.
- CVE-2021-23997 (arbitrary code execution)
A security issue has been found in Firefox before version 88. Due to
unexpected data type conversions, a use-after-free could have occurred
when interacting with the font cache. Mozilla presumes that with enough
effort this could have been exploited to run arbitrary code.
- CVE-2021-23998 (content spoofing)
A security issue has been found in Firefox before version 88 and
Thunderbird before version 78.10. Through complicated navigations with
new windows, an HTTP page could have inherited a secure lock icon from
an HTTPS page.
- CVE-2021-23999 (sandbox escape)
A security issue has been found in Firefox before version 88 and
Thunderbird before version 78.10. If a Blob URL was loaded through some
unusual user interaction, it could have been loaded by the System
Principal and granted additional privileges that should not be granted
to web content.
- CVE-2021-24000 (content spoofing)
A security issue has been found in Firefox before version 88. A race
condition with requestPointerLock() and setTimeout() could have
resulted in a user interacting with one tab when they believed they
were on a separate tab. In conjunction with certain elements (such as
) this could have led to an attack where a user was
confused about the origin of the webpage and potentially disclosed
information they did not intend to.
- CVE-2021-24001 (sandbox escape)
A security issue has been found in Firefox before version 88. A
compromised content process could have performed session history
manipulations it should not have been able to due to testing
infrastructure that was not restricted to testing-only configurations.
- CVE-2021-24002 (arbitrary command execution)
A security issue has been found in Firefox before version 88 and
Thunderbird before version 78.10. When a user clicked on an FTP URL
containing encoded newline characters (%0A and %0D), the newlines would
have been interpreted as such and allowed arbitrary commands to be sent
to the FTP server.
- CVE-2021-29946 (access restriction bypass)
A security issue has been found in Firefox before version 88 and
Thunderbird before version 78.10. Ports written as integers that
overflowed the bounds of a 16-bit integer could have bypassed port
blocking restrictions when used in the Alt-Svc header.
- CVE-2021-29947 (arbitrary code execution)
A security issue has been found in Firefox before version 88. Mozilla
developers and community members reported memory safety bugs present in
Firefox 87. Some of these bugs showed evidence of memory corruption and
Mozilla presumes that with enough effort some of these could have been
exploited to run arbitrary code.
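The bug class behind CVE-2021-29946, as an added example that is not Firefox code and not part of the original advisory: a port parsed into a wide integer passes a blocklist check, then wraps when narrowed to 16 bits. The blocklist contents, the function names and the assumption that the check ran before the narrowing are all illustrative.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed sample blocklist (assumption, not Firefox's list). */
static const long BLOCKED_PORTS[] = { 21, 22, 25, 110, 143 };

static bool port_is_blocked(long port) {
    size_t n = sizeof BLOCKED_PORTS / sizeof BLOCKED_PORTS[0];
    for (size_t i = 0; i < n; i++)
        if (BLOCKED_PORTS[i] == port) return true;
    return false;
}

/* Flawed ordering: the blocklist sees the wide value, but the connection
 * uses the value narrowed to 16 bits. Returns the port dialled, 0 if refused. */
uint16_t port_checked_before_narrowing(const char *text) {
    long wide = strtol(text, NULL, 10);
    if (port_is_blocked(wide)) return 0;
    return (uint16_t)wide;            /* 65561 wraps to 25 */
}

/* Hardened: digits only, range check first, blocklist on the final value. */
uint16_t port_strict(const char *text) {
    char *end = NULL;
    if (text[0] < '0' || text[0] > '9') return 0;   /* no sign, space, empty */
    errno = 0;
    long wide = strtol(text, &end, 10);
    if (errno != 0 || *end != '\0') return 0;       /* overflow or trailing junk */
    if (wide < 1 || wide > 65535) return 0;         /* outside 16-bit port range */
    if (port_is_blocked(wide)) return 0;
    return (uint16_t)wide;
}

int main(void) {
    /* Constructed port strings as they might appear in an Alt-Svc value. */
    const char *samples[] = { "443", "25", "65561", "8443x" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-6s flawed=%u strict=%u\n", samples[i],
               (unsigned)port_checked_before_narrowing(samples[i]),
               (unsigned)port_strict(samples[i]));
    return 0;
}
```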
Resolution
Upgrade to 88.0-1.
# pacman -Syu "firefox>=88.0-1"
The problems have been fixed upstream in version 88.0.
References
https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/#CVE-2021-23994
https://www.mozilla.org/en-US/security/advisories/mfsa2021-14/#CVE-2021-23994
https://bugzilla.mozilla.org/show_bug.cgi?id=1699077
https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/#CVE-2021-23995
https://www.mozilla.org/en-US/security/advisories/mfsa2021-14/#CVE-2021-23995
https://bugzilla.mozilla.org/show_bug.cgi?id=1699835
https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/#CVE-2021-23996
https://bugzilla.mozilla.org/show_bug.cgi?id=1701834
https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/#CVE-2021-23997
https://bugzilla.mozilla.org/show_bug.cgi?id=1701942
https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/#CVE-2021-23998
https://www.mozilla.org/en-US/security/advisories/mfsa2021-14/#CVE-2021-23998
https://bugzilla.mozilla.org/show_bug.cgi?id=1667456
https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/#CVE-2021-23999
https://www.mozilla.org/en-US/security/advisories/mfsa2021-14/#CVE-2021-23999
https://bugzilla.mozilla.org/show_bug.cgi?id=1691153
https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/#CVE-2021-24000
https://bugzilla.mozilla.org/show_bug.cgi?id=1694698
https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/#CVE-2021-24001
https://bugzilla.mozilla.org/show_bug.cgi?id=1694727
https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/#CVE-2021-24002
https://www.mozilla.org/en-US/security/advisories/mfsa2021-14/#CVE-2021-24002
https://bugzilla.mozilla.org/show_bug.cgi?id=1702374
https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/#CVE-2021-29946
https://www.mozilla.org/en-US/security/advisories/mfsa2021-14/#CVE-2021-29946
https://bugzilla.mozilla.org/show_bug.cgi?id=1698503
https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/#CVE-2021-29947
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1651449%2C1674142%2C1693476%2C1696886%2C1700091
https://security.archlinux.org/CVE-2021-23994
https://security.archlinux.org/CVE-2021-23995
https://security.archlinux.org/CVE-2021-23996
https://security.archlinux.org/CVE-2021-23997
https://security.archlinux.org/CVE-2021-23998
https://security.archlinux.org/CVE-2021-23999
https://security.archlinux.org/CVE-2021-24000
https://security.archlinux.org/CVE-2021-24001
https://security.archlinux.org/CVE-2021-24002
https://security.archlinux.org/CVE-2021-29946
https://security.archlinux.org/CVE-2021-29947
Workaround
None.