CVE-2021-23995
Last modified
CVE-2021-23995 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. When Responsive Design Mode was enabled, it used references to objects that were previously freed. We presume that with enough effort this could have been exploited to run arbitrary code. EPSS estimates a 1.21% chance of exploitation in the next 30 days.
Description
When Responsive Design Mode was enabled, it used references to objects that were previously freed. We presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | < 88.0 |
| Mozilla | Firefox Esr | < 78.10 |
| Mozilla | Thunderbird | < 78.10 |
References
- https://bugzilla.mozilla.org/show_bug.cgi?id=1699835Issue Tracking, Permissions Required, Vendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2021-14/Release Notes, Vendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2021-15/Release Notes, Vendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2021-16/Release Notes, Vendor Advisory
- https://bugzilla.mozilla.org/show_bug.cgi?id=1699835Issue Tracking, Permissions Required, Vendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2021-14/Release Notes, Vendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2021-15/Release Notes, Vendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2021-16/Release Notes, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2021-23995?
How severe is CVE-2021-23995?
How do I fix CVE-2021-23995?
Are you affected by CVE-2021-23995?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST