CVE-2021-43535 — Vulnetix

CVE-2021-43535 PUBLISHED CVSS 8.800000190734863 HIGH

A use-after-free could have occured when an HTTP2 session object was released on a different thread, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 93, Thunderbird < 91.3, and Firefox ESR < 91.3.

EPSS 1.19% · 79.2th percentile

Risk Scores

CVSS 3.1

8.800000190734863

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Score

1.19%

79.2th percentile

Affected Products

Vendor	Product	Versions
mozilla	firefox_esr	0
Mozilla	Firefox ESR	unspecified
mozilla	firefox	0
Mozilla	Thunderbird	unspecified
Mozilla	Firefox	unspecified
mozilla	thunderbird	0
debian	debian_linux	11.0, 10.0, 9.0

Exploit Intelligence

https://www.mozilla.org/security/advisories/mfsa2021-43/ (circl)
https://www.mozilla.org/security/advisories/mfsa2021-49/ (circl)
https://www.mozilla.org/security/advisories/mfsa2021-50/ (circl)
https://bugzilla.mozilla.org/show_bug.cgi?id=1667102 (circl)
DSA-5026 (circl)
[debian-lts-announce] 20211229 [SECURITY] [DLA 2863-1] firefox-esr security update (circl)
DSA-5034 (circl)
[debian-lts-announce] 20220104 [SECURITY] [DLA 2874-1] thunderbird security update (circl)

Timeline

Dec 8, 2021 CVE Published
Dec 9, 2021 EPSS Score
Jan 6, 2022 EPSS Score
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
Apr 1, 2022 EPSS Score
May 22, 2022 EPSS Score
Sep 9, 2022 EPSS Score
Nov 2, 2022 EPSS Score
Dec 27, 2022 EPSS Score
Feb 19, 2023 EPSS Score
Apr 15, 2023 EPSS Score

References

Open in Interactive Console →