VDB
CVE-2021-23975
CVE-2021-23975
PUBLISHED
The developer page about:memory has a Measure function for exploring what object types the browser has allocated and their sizes. When this function was invoked we incorrectly called the sizeof function, instead of using the API method that checks for invalid pointers. This vulnerability affects Firefox < 86.
EPSS 0.19% · 40.3th percentile
Risk Scores
EPSS Score
0.19%
40.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:18.04:LTS | mozjs52 | 52.3.1-0ubuntu3, 0, 52.9.1-0ubuntu0.18.04.1 |
| Ubuntu:22.04:LTS | mozjs78 | 78.13.0-1, 78.15.0-4ubuntu1, 0 |
| Ubuntu:18.04:LTS | firefox | 64.0+build3-0ubuntu0.18.04.1, 68.0.1+build1-0ubuntu0.18.04.1, 68.0.2+build1-0ubuntu0.18.04.1 |
| Ubuntu:20.04:LTS | firefox | 83.0+build2-0ubuntu0.20.04.1, 84.0+build3-0ubuntu0.20.04.1, 71.0+build5-0ubuntu1 |
| Ubuntu:16.04:LTS | firefox | *, 0, 41.0.2+build2-0ubuntu1 |
| Ubuntu:20.04:LTS | mozjs52 | 52.9.1-1ubuntu3, 52.9.1-1build1, 0 |
| Ubuntu:18.04:LTS | mozjs38 | 0, *, 38.8.0~repack1-0ubuntu4 |
| Ubuntu:20.04:LTS | mozjs68 | 0, 68.6.0-1ubuntu1, 68.6.0-1 |
Timeline
- Feb 26, 2021 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2021-23975 third-party-advisory
- https://www.mozilla.org/en-US/security/advisories/mfsa2021-07/#CVE-2021-23975 third-party-advisory
- https://bugzilla.mozilla.org/show_bug.cgi?id=1685145 third-party-advisory
- https://www.mozilla.org/security/advisories/mfsa2021-07/ third-party-advisory
- https://ubuntu.com/security/notices/USN-4756-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2021-23975 third-party-advisory