VDB
CVE-2021-29990
CVE-2021-29990
PUBLISHED
Mozilla developers and community members reported memory safety bugs present in Firefox 90. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 91.
EPSS 0.44% · 63.2th percentile
Risk Scores
EPSS Score
0.44%
63.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:20.04:LTS | mozjs68 | 68.5.0-1~fakesync, *, 68.6.0-1ubuntu1 |
| Ubuntu:18.04:LTS | mozjs52 | 0, 52.3.1-7fakesync1, 52.9.1-0ubuntu0.18.04.1 |
| Ubuntu:18.04:LTS | firefox | 63.0.3+build1-0ubuntu0.18.04.1, 66.0+build3-0ubuntu0.18.04.1, 66.0.1+build1-0ubuntu0.18.04.1 |
| Ubuntu:20.04:LTS | mozjs52 | 52.9.1-1build1, 0, 52.9.1-1ubuntu3 |
| Ubuntu:22.04:LTS | mozjs78 | 0, 78.15.0-4ubuntu1, 78.13.0-1 |
| Ubuntu:18.04:LTS | mozjs38 | 38.8.0~repack1-0ubuntu3, 38.8.0~repack1-0ubuntu4, 38.8.0~repack1-0ubuntu1 |
| Ubuntu:20.04:LTS | firefox | *, *, * |
Timeline
- Aug 11, 2021 CVE Published
- Aug 18, 2021 EPSS Score
- Oct 15, 2021 EPSS Score
- Dec 12, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 8, 2022 EPSS Score
- Feb 22, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Apr 6, 2022 EPSS Score
- Jun 3, 2022 EPSS Score
- Sep 28, 2022 EPSS Score
- Nov 25, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2021-29990 third-party-advisory
- https://www.mozilla.org/en-US/security/advisories/mfsa2021-33/#CVE-2021-29990 third-party-advisory
- https://ubuntu.com/security/notices/USN-5037-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2021-29990 third-party-advisory