Opened 3 years ago

Closed 3 years ago

#15638 closed enhancement (fixed)

firefox-91.2.0, js78.15.0, firefox-legacy-78.15.0

Reported by: ken@… Owned by: ken@…
Priority: elevated Milestone: 11.1
Component: BOOK Version: git
Severity: normal Keywords:
Cc:

Description

Now available, release notes should be out in about 22 hours or so.

js/src in 78.15 is again unchanged.

Change History (4)

comment:1 by ken@…, 3 years ago

Owner: changed from blfs-book to ken@…
Status: new → assigned

comment:2 by ken@…, 3 years ago

Priority: normal → elevated

As expected, some CVEs. https://www.mozilla.org/en-US/security/advisories/mfsa2021-44/ and https://www.mozilla.org/en-US/security/advisories/mfsa2021-45/

CVE-2021-32810: Data race in crossbeam-deque (fixed in 91.2)

Reporter Maor Kleinberger

Impact moderate

Description

In the crossbeam crate, one or more tasks in the worker queue could have been popped twice instead of other tasks that are forgotten and never popped. If tasks are allocated on the heap, this could have caused a double free and a memory leak.

CVE-2021-38496: Use-after-free in MessageTask (fixed in 78.15 and 91.2)

Reporter Yangkang of 360 ATA Team

Impact high

Description

During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in memory corruption and a potentially exploitable crash.

CVE-2021-38497: Validation message could have been overlaid on another origin (fixed in 91.2)

Reporter Irvan Kurniawan

Impact moderate

Description

Through use of reportValidity() and window.open(), a plain-text validation message could have been overlaid on another origin, leading to possible user confusion and spoofing attacks.

CVE-2021-38498: Use-after-free of nsLanguageAtomService object (fixed in 91.2)

Reporter Yangkang of 360 ATA Team

Impact moderate

Description

During process shutdown, a document could have caused a use-after-free of a languages service object, leading to memory corruption and a potentially exploitable crash.

CVE-2021-38500: Memory safety bugs fixed in Firefox 93, Firefox ESR 78.15, and Firefox ESR 91.2

Reporter Mozilla developers

Impact high

Description

Mozilla developers and community members Andreas Pehrson and Christian Holler reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

CVE-2021-38501: Memory safety bugs fixed in Firefox 93 and Firefox ESR 91.2

Reporter Mozilla developers

Impact high

Description

Mozilla developers and community members Kevin Brosnan, Mihai Alexandru Michis, and Christian Holler reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

comment:3 by ken@…, 3 years ago

@1a54b92b572c428ef8151dc8f38996c8472513b3

Security Advisory SA 11.0-012. For CVE-2021-32810 (91.2 but N/A in 78.15) this was a vulnerability in a Rust crate (and in other crates using it) which Mozilla rated as moderate but NVD had already described as High, and they changed their rating to Critical while I was preparing the advisory.

comment:4 by ken@…, 3 years ago

Resolution: fixed
Status: assigned → closed