Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

Mageia: 2021-0469 Moderate: Firefox Memory Safety Crashes

mageia
Calendar Grey October 8, 2021
Dist Mageia Esm H88
Newly released Firefox updates address various security vulnerabilities, ranging from memory leaks to potentially exploitable crashes.
Due to a data race in the crossbeam-deque in the crossbeam crate, one or more tasks in the worker queue could have been be popped twice instead of other tasks that are forgotten an...

Summary

Due to a data race in the crossbeam-deque in the crossbeam crate, one or more tasks in the worker queue could have been be popped twice instead of other tasks that are forgotten and never popped. If tasks are allocated on the heap, this could have caused a double free and a memory leak (CVE-2021-32810).
During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in memory corruption and a potentially exploitable crash due to a use-after-free in MessageTask (CVE-2021-38496).
Through use of reportValidity() and window.open(), a plain-text validation message could have been overlaid on another origin, leading to possible user confusion and spoofing attacks (CVE-2021-38497).
During process shutdown, a document could have caused a use-after-free of a languages service object (nsLanguageAtomService), leading to memory corruption and a potentially exploitable crash (CVE-2021-38498).
Mozilla developers and community members Andreas Pehrson, Chris...

Read the Full Advisory

References

- https://bugs.mageia.org/show_bug.cgi?id=29525

- https://www.mozilla.org/en-US/security/advisories/mfsa2021-45/

- https://groups.google.com/a/mozilla.org/g/dev-tech-crypto/c/eLTKcnMNzPg

- https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_71.html

- https://www.cve.org/CVERecord?id=CVE-2021-32810

- https://www.cve.org/CVERecord?id=CVE-2021-38496

- https://www.cve.org/CVERecord?id=CVE-2021-38497

- https://www.cve.org/CVERecord?id=CVE-2021-38498

- https://www.cve.org/CVERecord?id=CVE-2021-38500

- https://www.cve.org/CVERecord?id=CVE-2021-38501

Topics%20covered

Topics Covered

security advisory firefox memory safety crash issue mageia

Resolution

SRPMS

- 8/core/firefox-91.2.0-1.mga8

- 8/core/firefox-l10n-91.2.0-1.mga8

- 8/core/nss-3.71.0-1.mga8

- 8/core/rootcerts-20210907.00-1.mga8

Publication date: 08 Oct 2021
URL: https://advisories.mageia.org/MGASA-2021-0469.html
Type: security
CVE: CVE-2021-32810, CVE-2021-38496, CVE-2021-38497, CVE-2021-38498, CVE-2021-38500, CVE-2021-38501

Topics%20covered

Topics Covered

security advisory firefox memory safety crash issue mageia

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here