Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

Mageia 8: 2021-0403 Critical: Firefox Memory Corruption Exploit

mageia
Calendar Grey August 14, 2021
Dist Mageia Esm H88
Recent Firefox updates for Mageia tackle critical memory corruption vulnerabilities with potential exploitation risks. Explore the security advisory and its impact
Updated firefox packages fix security vulnerabilities: Uninitialized memory in a canvas object could have caused an incorrect free() leading to memory corruption and a potentially...

Summary

Updated firefox packages fix security vulnerabilities:
Uninitialized memory in a canvas object could have caused an incorrect free() leading to memory corruption and a potentially exploitable crash (CVE-2021-29980).
Instruction reordering during JIT optimization resulted in a sequence of instructions that would cause an object to be incorrectly considered during garbage collection. This led to memory corruption and a potentially exploitable crash (CVE-2021-29984).
A use-after-free vulnerability in media channels could have led to memory corruption and a potentially exploitable crash (CVE-2021-29985).
A suspected race condition when calling getaddrinfo while resolving DNS names could have led to memory corruption and a potentially exploitable crash (CVE-2021-29986).
Firefox incorrectly treated an inline list-item element as a block element, resulting in an out of bounds read or memory corruption, and a potentially exploitable crash (CVE-2021-29988).
Mozilla developers Christoph Kersc...

Read the Full Advisory

References

- https://bugs.mageia.org/show_bug.cgi?id=29346

- https://groups.google.com/a/mozilla.org/g/dev-tech-crypto/c/PsqVK-ngKHM

- - https://www.mozilla.org/en-US/security/advisories/mfsa2021-34/

- https://www.cve.org/CVERecord?id=CVE-2021-XXXX

Topics%20covered

Topics Covered

security advisory security issue critical memory corruption Firefox Mageia exploitable crash

Resolution

SRPMS

- 8/core/firefox-78.13.0-1.mga8

- 8/core/firefox-l10n-78.13.0-1.mga8

- 8/core/nss-3.69.0-1.mga8

Severity
critical
Lowest
Low
Medium
High
Critical

Publication date: 14 Aug 2021
URL: https://advisories.mageia.org/MGASA-2021-0403.html
Type: security
CVE: CVE-2021-XXXX

Topics%20covered

Topics Covered

security advisory security issue critical memory corruption Firefox Mageia exploitable crash

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here