Opened 3 years ago

Closed 3 years ago

Last modified 3 years ago

#15268 closed enhancement (fixed)

firefox-78.12.0esr and JS78-12.0

Reported by: ken@… Owned by: ken@…
Priority: elevated Milestone: 11.0
Component: BOOK Version: git
Severity: normal Keywords:
Cc:

Description

Released on schedule, waiting for Release Notes.

Change History (6)

comment:1 by ken@…, 3 years ago

Owner: changed from blfs-book to ken@…
Status: new → assigned

comment:2 by ken@…, 3 years ago

Various stability, functionality and security fixes:

CVE-2021-29970: Use-after-free in accessibility features of a document

Reporter
    Irvan Kurniawan
Impact
    high

Description

A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially exploitable crash.
This bug only affected Firefox when accessibility was enabled.

CVE-2021-30547: Out of bounds write in ANGLE

Reporter
    (Unknown)
Impact
    high

Description

An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash.
References

    Bug 1715766

CVE-2021-29976: Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12

Reporter
    Mozilla developers
Impact
    high

Description

Mozilla developers Valentin Gosu, Randell Jesup, Emil Ghitta, Tyson Smith, and Olli Pettay reported memory safety bugs present in Firefox 89 and Firefox ESR 78.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

I am unclear what is meant by "This bug only affected Firefox when accessibility was enabled." Looking at about:config there are various accessibility features, most of which default to false. A quick google implies that each option can be turned on by the user, therefore some users might be vulnerable.

For ANGLE, as we've seen from a past report (for 78.7.1, later clarified) that is not used in Linux.

But the usual memory safety bugs apply to all.

comment:3 by ken@…, 3 years ago

Priority: normal → elevated

comment:4 by Douglas R. Reno, 3 years ago

Thank you for the warning on accessibility bugs, I have a bunch of those turned on on at least one of my computers!

comment:5 by ken@…, 3 years ago

Resolution: fixed
Status: assigned → closed

Advisory SA 10.1-075

comment:6 by Bruce Dubbs, 3 years ago

Milestone: 10.2 → 11.0

Milestone renamed
