
Mageia: 2021-0551 Moderate: Firefox Memory Corruption and Spoofing Risks

mageia
December 10, 2021
The security notice MGASA-2021-0551 regarding the Firefox update for Mageia highlights urgent vulnerabilities that must be addressed without delay.

Summary

Under certain circumstances, asynchronous functions could have caused a navigation to fail but expose the target URL (CVE-2021-43536).
An incorrect type conversion of sizes from 64-bit to 32-bit integers allowed an attacker to corrupt memory, leading to a potentially exploitable crash due to a heap buffer overflow when using structured clone (CVE-2021-43537).
By misusing a race in our notification code, an attacker could have forcefully hidden the notification for pages that had received both full screen and pointer lock access, which could have been used for spoofing attacks (CVE-2021-43538).
Failure to correctly record the location of live pointers across wasm instance calls resulted in a GC occurring within the call not tracing those live pointers. This could have led to a use-after-free causing a potentially exploitable crash (CVE-2021-43539).
When invoking protocol handlers for external protocols, a supplied parameter URL containing spaces was not properly escaped (CVE-2021-43541...
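
A generic illustration of the bug class described for CVE-2021-43537 above (a 64-bit size narrowed to 32 bits before it sizes an allocation), shown beside a hardened length check. This is an added example, not Firefox code and not part of the advisory; all function names are hypothetical and the sample input is constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Generic bug-class illustration; not Firefox code. Names are hypothetical. */

/* Flawed pattern: a 64-bit byte count is narrowed to 32 bits before it is
 * used as the allocation size. Returns the size that would be allocated,
 * while the caller still intends to write `count` bytes. */
uint32_t narrowed_alloc_size(uint64_t count)
{
    return (uint32_t)count;          /* silently drops the high 32 bits */
}

/* True when the narrowed allocation is smaller than the intended write,
 * which is the condition under which the heap buffer would be overrun. */
bool would_overflow(uint64_t count)
{
    return (uint64_t)narrowed_alloc_size(count) < count;
}

/* Hardened pattern: check the 64-bit length against the 32-bit limit and
 * the bytes actually available before allocating or copying anything. */
uint8_t *read_payload(const uint8_t *src, uint64_t avail, uint64_t count,
                      uint32_t *out_len)
{
    if (count > UINT32_MAX || count > avail)
        return NULL;                 /* reject instead of truncating */
    uint8_t *buf = malloc(count ? (size_t)count : 1);
    if (buf == NULL)
        return NULL;
    memcpy(buf, src, (size_t)count);
    *out_len = (uint32_t)count;
    return buf;
}

int main(void)
{
    static const uint8_t sample[] = "constructed"; /* constructed input */
    uint32_t len = 0;
    uint8_t *ok = read_payload(sample, sizeof sample, 4, &len);
    uint8_t *bad = read_payload(sample, sizeof sample, 0x100000010ULL, &len);
    int rc = (ok && !bad && would_overflow(0x100000010ULL)) ? 0 : 1;
    free(ok);
    return rc;
}
```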


References

- https://bugs.mageia.org/show_bug.cgi?id=29734

- https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/

- https://access.redhat.com/errata/RHSA-2021:5013

- https://www.cve.org/CVERecord?id=CVE-2021-43536

- https://www.cve.org/CVERecord?id=CVE-2021-43537

- https://www.cve.org/CVERecord?id=CVE-2021-43538

- https://www.cve.org/CVERecord?id=CVE-2021-43539

- https://www.cve.org/CVERecord?id=CVE-2021-43541

- https://www.cve.org/CVERecord?id=CVE-2021-43542

- https://www.cve.org/CVERecord?id=CVE-2021-43543

- https://www.cve.org/CVERecord?id=CVE-2021-43545

- https://www.cve.org/CVERecord?id=CVE-2021-43546

Resolution

SRPMS

- 8/core/firefox-91.4.0-1.mga8

- 8/core/firefox-l10n-91.4.0-1.mga8

Severity
medium

Publication date: 10 Dec 2021
URL: https://advisories.mageia.org/MGASA-2021-0551.html
Type: security
CVE: CVE-2021-43536, CVE-2021-43537, CVE-2021-43538, CVE-2021-43539, CVE-2021-43541, CVE-2021-43542, CVE-2021-43543, CVE-2021-43545, CVE-2021-43546
