Test ID:	1.3.6.1.4.1.25623.1.0.826758
Category:	General
Title:	Mozilla Firefox Security Advisory (MFSA2021-33) - Windows
Summary:	This host is missing a security update for Mozilla Firefox.
Description:	Summary: This host is missing a security update for Mozilla Firefox. Vulnerability Insight: CVE-2021-29981: Live range splitting could have led to conflicting assignments in the JIT An issue present in lowering/register allocation could have led to obscure but deterministic register confusion failures in JITted code that would lead to a potentially exploitable crash. CVE-2021-29988: Memory corruption as a result of incorrect style treatment Firefox incorrectly treated an inline list-item element as a block element, resulting in an out of bounds read or memory corruption, and a potentially exploitable crash. CVE-2021-29984: Incorrect instruction reordering during JIT optimization Instruction reordering resulted in a sequence of instructions that would cause an object to be incorrectly considered during garbage collection. This led to memory corruption and a potentially exploitable crash. CVE-2021-29980: Uninitialized memory in a canvas object could have led to memory corruption Uninitialized memory in a canvas object could have caused an incorrect free() leading to memory corruption and a potentially exploitable crash. CVE-2021-29982: Single bit data leak due to incorrect JIT optimization and type confusion Due to incorrect JIT optimization, we incorrectly interpreted data from the wrong type of object, resulting in the potential leak of a single bit of memory. CVE-2021-29989: Memory safety bugs fixed in Firefox 91 and Firefox ESR 78.13 Mozilla developers Christoph Kerschbaumer, Olli Pettay, Sandor Molnar, and Simon Giesecke reported memory safety bugs present in Firefox 90 and Firefox ESR 78.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary ... [Please see the references for more information on the vulnerabilities] Affected Software/OS: Firefox version(s) below 91. Solution: The vendor has released an update. Please see the reference(s) for more information. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2021-29980 https://security.gentoo.org/glsa/202202-03 https://security.gentoo.org/glsa/202208-14 https://bugzilla.mozilla.org/show_bug.cgi?id=1722204 https://www.mozilla.org/security/advisories/mfsa2021-33/ https://www.mozilla.org/security/advisories/mfsa2021-34/ https://www.mozilla.org/security/advisories/mfsa2021-35/ https://www.mozilla.org/security/advisories/mfsa2021-36/ Common Vulnerability Exposure (CVE) ID: CVE-2021-29981 https://bugzilla.mozilla.org/show_bug.cgi?id=1707774 Common Vulnerability Exposure (CVE) ID: CVE-2021-29982 https://bugzilla.mozilla.org/show_bug.cgi?id=1715318 Common Vulnerability Exposure (CVE) ID: CVE-2021-29984 https://bugzilla.mozilla.org/show_bug.cgi?id=1720031 Common Vulnerability Exposure (CVE) ID: CVE-2021-29985 https://bugzilla.mozilla.org/show_bug.cgi?id=1722083 Common Vulnerability Exposure (CVE) ID: CVE-2021-29988 https://bugzilla.mozilla.org/show_bug.cgi?id=1717922 Common Vulnerability Exposure (CVE) ID: CVE-2021-29989 https://bugzilla.mozilla.org/buglist.cgi?bug_id=1662676%2C1666184%2C1719178%2C1719998%2C1720568 Common Vulnerability Exposure (CVE) ID: CVE-2021-29990 https://bugzilla.mozilla.org/buglist.cgi?bug_id=1544190%2C1716481%2C1717778%2C1719319%2C1722073
Copyright	Copyright (C) 2023 Greenbone Networks GmbH

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.