Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

Mageia 8: MGASA-2021-0354 Critical: Firefox Memory Corruption Exploit

mageia
Calendar Grey July 16, 2021
Dist Mageia Esm H88
Newly released Firefox updates for Mageia tackle vulnerabilities linked to memory misuse and potential exploitation stemming from accessibility functions shortcomings.
A malicious webpage could have triggered a use-after-free in accessibility features of a document, causing memory corruption and a potentially exploitable crash when accessibility ...

Summary

A malicious webpage could have triggered a use-after-free in accessibility features of a document, causing memory corruption and a potentially exploitable crash when accessibility was enabled (CVE-2021-29970).
Mozilla developers Valentin Gosu, Randell Jesup, Emil Ghitta, Tyson Smith, and Olli Pettay reported memory safety bugs present in Firefox ESR 78.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code (CVE-2021-29976).
An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash (CVE-2021-30547).

References

- https://bugs.mageia.org/show_bug.cgi?id=29247

- https://groups.google.com/a/mozilla.org/g/dev-tech-crypto/c/M01xJ10PkAc

- - - https://www.mozilla.org/en-US/security/advisories/mfsa2021-29/

- https://access.redhat.com/errata/RHSA-2021:2741

- https://www.cve.org/CVERecord?id=CVE-2021-29970

- https://www.cve.org/CVERecord?id=CVE-2021-29976

- https://www.cve.org/CVERecord?id=CVE-2021-30547

Topics%20covered

Topics Covered

security advisory critical memory corruption firefox firefox update mageia accessibility exploit

Resolution

SRPMS

- 8/core/nspr-4.32-1.mga8

- 8/core/rootcerts-20210525.00-1.1.mga8

- 8/core/nss-3.68.0-1.mga8

- 8/core/firefox-78.12.0-1.mga8

- 8/core/firefox-l10n-78.12.0-1.mga8

Severity
critical
Lowest
Low
Medium
High
Critical

Publication date: 16 Jul 2021
URL: https://advisories.mageia.org/MGASA-2021-0354.html
Type: security
CVE: CVE-2021-29970, CVE-2021-29976, CVE-2021-30547

Topics%20covered

Topics Covered

security advisory critical memory corruption firefox firefox update mageia accessibility exploit

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here