Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2021-38504

Опубликовано: 08 дек. 2021
Источник: debian

Описание

When interacting with an HTML input element's file picker dialog with webkitdirectory set, a use-after-free could have resulted, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
firefoxfixed94.0-1package
firefox-esrfixed91.3.0esr-1package
thunderbirdfixed1:91.3.0-1package

Примечания

  • https://www.mozilla.org/en-US/security/advisories/mfsa2021-48/#CVE-2021-38504

  • https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38504

  • https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-38504

Связанные уязвимости

ubuntu логотип

CVE-2021-38504

CVSS3: 8.8
ubuntu
больше 3 лет назад

When interacting with an HTML input element's file picker dialog with webkitdirectory set, a use-after-free could have resulted, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.

redhat логотип

CVE-2021-38504

CVSS3: 8.8
redhat
почти 4 года назад

When interacting with an HTML input element's file picker dialog with webkitdirectory set, a use-after-free could have resulted, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.

nvd логотип

CVE-2021-38504

CVSS3: 8.8
nvd
больше 3 лет назад

When interacting with an HTML input element's file picker dialog with webkitdirectory set, a use-after-free could have resulted, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.

github логотип

GHSA-53f7-m98p-5ggp

CVSS3: 8.8
github
больше 3 лет назад

When interacting with an HTML input element's file picker dialog with webkitdirectory set, a use-after-free could have resulted, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.

fstec логотип

BDU:2021-05696

CVSS3: 7.5
fstec
почти 4 года назад

Уязвимость веб-браузера Firefox и почтового клиента Thunderbird, связанная с использованием памяти после её освобождения, позволяющая нарушителю вызвать отказ в обслуживании