Arch Linux Security Advisory ASA-202108-14
=========================================
Severity: High
Date    : 2021-08-11
CVE-ID  : CVE-2021-29980 CVE-2021-29981 CVE-2021-29982 CVE-2021-29984
          CVE-2021-29985 CVE-2021-29986 CVE-2021-29987 CVE-2021-29988
          CVE-2021-29989 CVE-2021-29990
Package : firefox
Type    : multiple issues
Remote  : Yes
Link    : https://security.archlinux.org/AVG-2269

Summary
======
The package firefox before version 91.0-1 is vulnerable to multiple
issues including arbitrary code execution, content spoofing and
information disclosure.

Resolution
=========
Upgrade to 91.0-1.

# pacman -Syu "firefox>=91.0-1"

The problems have been fixed upstream in version 91.0.

Workaround
=========
None.

Description
==========
- CVE-2021-29980 (arbitrary code execution)

A security issue has been found in Firefox before version 91 and
Thunderbird before version 78.13. Uninitialized memory in a canvas
object could have caused an incorrect free() leading to memory
corruption and a potentially exploitable crash.

- CVE-2021-29981 (arbitrary code execution)

A security issue has been found in Firefox and Thunderbird before
version 91. An issue present in lowering/register allocation could have
led to obscure but deterministic register confusion failures in JITted
code that would lead to a potentially exploitable crash.

- CVE-2021-29982 (information disclosure)

A security issue has been found in Firefox and Thunderbird before
version 91. Due to incorrect JIT optimization, it incorrectly
interpreted data from the wrong type of object, resulting in the
potential leak of a single bit of memory.

- CVE-2021-29984 (arbitrary code execution)

A security issue has been found in Firefox before version 91 and
Thunderbird before version 78.13. Instruction reordering resulted in a
sequence of instructions that would cause an object to be incorrectly
considered during garbage collection. This led to memory corruption and
a potentially exploitable crash.

- CVE-2021-29985 (arbitrary code execution)

A security issue has been found in Firefox before version 91 and
Thunderbird before version 78.13. A use-after-free vulnerability in
media channels could have led to memory corruption and a potentially
exploitable crash.

- CVE-2021-29986 (arbitrary code execution)

A security issue has been found in Firefox before version 91 and
Thunderbird before version 78.13. A suspected race condition when
calling getaddrinfo() led to memory corruption and a potentially
exploitable crash.

- CVE-2021-29987 (content spoofing)

A security issue has been found in Firefox and Thunderbird before
version 91. After requesting multiple permissions, and closing the
first permission panel, subsequent permission panels will be displayed
in a different position but still record a click in the default
location, making it possible to trick a user into accepting a
permission they did not want to.

- CVE-2021-29988 (arbitrary code execution)

Firefox before version 91 and Thunderbird before version 78.13
incorrectly treated an inline list-item element as a block element,
resulting in an out of bounds read or memory corruption, and a
potentially exploitable crash.

- CVE-2021-29989 (arbitrary code execution)

Mozilla developers reported memory safety bugs present in Firefox 90
and Thunderbird 78.12. Some of these bugs showed evidence of memory
corruption and Mozilla presumes that with enough effort some of these
could have been exploited to run arbitrary code.

- CVE-2021-29990 (arbitrary code execution)

Mozilla developers and community members reported memory safety bugs
present in Firefox 90. Some of these bugs showed evidence of memory
corruption and Mozilla presumes that with enough effort some of these
could have been exploited to run arbitrary code.

Impact
=====
A remote attacker could execute arbitrary code or trick the user into
accepting additional site permissions through maliciously crafted web
content.

References
=========
https://www.mozilla.org/en-US/security/advisories/mfsa2021-33/
https://www.mozilla.org/en-US/security/advisories/mfsa2021-35/
https://bugzilla.mozilla.org/show_bug.cgi?id=1722204
https://www.mozilla.org/en-US/security/advisories/mfsa2021-36/
https://bugzilla.mozilla.org/show_bug.cgi?id=1707774
https://bugzilla.mozilla.org/show_bug.cgi?id=1715318
https://bugzilla.mozilla.org/show_bug.cgi?id=1720031
https://bugzilla.mozilla.org/show_bug.cgi?id=1722083
https://bugzilla.mozilla.org/show_bug.cgi?id=1696138
https://bugzilla.mozilla.org/show_bug.cgi?id=1716129
https://bugzilla.mozilla.org/show_bug.cgi?id=1717922
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1662676%2C1666184%2C1719178%2C1719998%2C1720568
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1544190%2C1716481%2C1717778%2C1719319%2C1722073
https://security.archlinux.org/CVE-2021-29980
https://security.archlinux.org/CVE-2021-29981
https://security.archlinux.org/CVE-2021-29982
https://security.archlinux.org/CVE-2021-29984
https://security.archlinux.org/CVE-2021-29985
https://security.archlinux.org/CVE-2021-29986
https://security.archlinux.org/CVE-2021-29987
https://security.archlinux.org/CVE-2021-29988
https://security.archlinux.org/CVE-2021-29989
https://security.archlinux.org/CVE-2021-29990

ArchLinux: 202108-14: firefox: multiple issues

August 13, 2021

Summary

- CVE-2021-29980 (arbitrary code execution) A security issue has been found in Firefox before version 91 and Thunderbird before version 78.13. Uninitialized memory in a canvas object could have caused an incorrect free() leading to memory corruption and a potentially exploitable crash.
- CVE-2021-29981 (arbitrary code execution)
A security issue has been found in Firefox and Thunderbird before version 91. An issue present in lowering/register allocation could have led to obscure but deterministic register confusion failures in JITted code that would lead to a potentially exploitable crash.
- CVE-2021-29982 (information disclosure)
A security issue has been found in Firefox and Thunderbird before version 91. Due to incorrect JIT optimization, it incorrectly interpreted data from the wrong type of object, resulting in the potential leak of a single bit of memory.
- CVE-2021-29984 (arbitrary code execution)
A security issue has been found in Firefox before version 91 and Thunderbird before version 78.13. Instruction reordering resulted in a sequence of instructions that would cause an object to be incorrectly considered during garbage collection. This led to memory corruption and a potentially exploitable crash.
- CVE-2021-29985 (arbitrary code execution)
A security issue has been found in Firefox before version 91 and Thunderbird before version 78.13. A use-after-free vulnerability in media channels could have led to memory corruption and a potentially exploitable crash.
- CVE-2021-29986 (arbitrary code execution)
A security issue has been found in Firefox before version 91 and Thunderbird before version 78.13. A suspected race condition when calling getaddrinfo() led to memory corruption and a potentially exploitable crash.
- CVE-2021-29987 (content spoofing)
A security issue has been found in Firefox and Thunderbird before version 91. After requesting multiple permissions, and closing the first permission panel, subsequent permission panels will be displayed in a different position but still record a click in the default location, making it possible to trick a user into accepting a permission they did not want to.
- CVE-2021-29988 (arbitrary code execution)
Firefox before version 91 and Thunderbird before version 78.13 incorrectly treated an inline list-item element as a block element, resulting in an out of bounds read or memory corruption, and a potentially exploitable crash.
- CVE-2021-29989 (arbitrary code execution)
Mozilla developers reported memory safety bugs present in Firefox 90 and Thunderbird 78.12. Some of these bugs showed evidence of memory corruption and Mozilla presumes that with enough effort some of these could have been exploited to run arbitrary code.
- CVE-2021-29990 (arbitrary code execution)
Mozilla developers and community members reported memory safety bugs present in Firefox 90. Some of these bugs showed evidence of memory corruption and Mozilla presumes that with enough effort some of these could have been exploited to run arbitrary code.

Resolution

Upgrade to 91.0-1. # pacman -Syu "firefox>=91.0-1"
The problems have been fixed upstream in version 91.0.

References

https://www.mozilla.org/en-US/security/advisories/mfsa2021-33/ https://www.mozilla.org/en-US/security/advisories/mfsa2021-35/ https://bugzilla.mozilla.org/show_bug.cgi?id=1722204 https://www.mozilla.org/en-US/security/advisories/mfsa2021-36/ https://bugzilla.mozilla.org/show_bug.cgi?id=1707774 https://bugzilla.mozilla.org/show_bug.cgi?id=1715318 https://bugzilla.mozilla.org/show_bug.cgi?id=1720031 https://bugzilla.mozilla.org/show_bug.cgi?id=1722083 https://bugzilla.mozilla.org/show_bug.cgi?id=1696138 https://bugzilla.mozilla.org/show_bug.cgi?id=1716129 https://bugzilla.mozilla.org/show_bug.cgi?id=1717922 https://bugzilla.mozilla.org/buglist.cgi?bug_id=1662676%2C1666184%2C1719178%2C1719998%2C1720568 https://bugzilla.mozilla.org/buglist.cgi?bug_id=1544190%2C1716481%2C1717778%2C1719319%2C1722073 https://security.archlinux.org/CVE-2021-29980 https://security.archlinux.org/CVE-2021-29981 https://security.archlinux.org/CVE-2021-29982 https://security.archlinux.org/CVE-2021-29984 https://security.archlinux.org/CVE-2021-29985 https://security.archlinux.org/CVE-2021-29986 https://security.archlinux.org/CVE-2021-29987 https://security.archlinux.org/CVE-2021-29988 https://security.archlinux.org/CVE-2021-29989 https://security.archlinux.org/CVE-2021-29990

Severity
CVE-2021-29985 CVE-2021-29986 CVE-2021-29987 CVE-2021-29988
CVE-2021-29989 CVE-2021-29990
Package : firefox
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-2269

Workaround

None.

Related News

Parrot OS 6.3: Elevating Security with Enhanced Features & Tools
3 - 5 min read
Parrot OS 6.3 has just arrived , bringing crucial updates that security admins should note. This latest version of the popular secure Linux
Linux Kernel 6.14 Released: Top Security Features You Need to Know
3 - 6 min read
With the release of Linux kernel 6.14 , admins and Linux users have many new features and enhancements to look forward to - especially in the realm
Don
2 - 4 min read
Google recently issued a crucial Chrome update that those using a version of the browser prior to version 132.0.6834.110 should implement
Intel Brings Next-Level Security to Linux with Partner Security Engine
3 - 6 min read
Intel recently introduced a game-changer in hardware security with its new Partner Security Engine integrated into the Core Ultra Series 2. This
A Tiny Linux Kernel Tweak with Massive Implications for Datacenter Efficiency
3 - 6 min read
In a groundbreaking development, security researchers have introduced a small but mighty tweak to the Linux kernel that promises to cut data center
Best Practices for Securing Linux Systems Against Malicious Bots
3 - 6 min read
Linux systems have long been an indispensable asset to businesses and individuals alike. From running servers and cloud infrastructure to powering
Securing Open-Source Projects with Automated Testing on Linux
4 - 7 min read
Open-source project security testing focuses on many components, ensuring there are no safety vulnerabilities. These components include physical
KaOS Linux 2025.01: Merging Security with Practicality
3 - 6 min read
As the realm of Linux distribution expands, security admins find themselves faced with choosing a system that fits operational needs and upholds

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved