Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Firefox_esr
(Mozilla)| Repositories | https://github.com/libevent/libevent |
| #Vulnerabilities | 747 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-06-24 | CVE-2021-24002 | When a user clicked on an FTP URL containing encoded newline characters (%0A and %0D), the newlines would have been interpreted as such and allowed arbitrary commands to be sent to the FTP server. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88. | Firefox, Firefox_esr, Thunderbird | 8.8 | ||
| 2021-06-24 | CVE-2021-29945 | The WebAssembly JIT could miscalculate the size of a return type, which could lead to a null read and result in a crash. *Note: This issue only affected x86-32 platforms. Other platforms are unaffected.*. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88. | Firefox, Firefox_esr, Thunderbird | 6.5 | ||
| 2021-06-24 | CVE-2021-29946 | Ports that were written as an integer overflow above the bounds of a 16-bit integer could have bypassed port blocking restrictions when used in the Alt-Svc header. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88. | Firefox, Firefox_esr, Thunderbird | 8.8 | ||
| 2021-06-24 | CVE-2021-29951 | The Mozilla Maintenance Service granted SERVICE_START access to BUILTIN|Users which, in a domain network, grants normal remote users access to start or stop the service. This could be used to prevent the browser update service from operating (if an attacker spammed the 'Stop' command); but also exposed attack surface in the maintenance service. *Note: This issue only affected Windows operating systems older than Win 10 build 1709. Other operating systems are unaffected.*. This vulnerability... | Firefox, Firefox_esr, Thunderbird | 6.5 | ||
| 2021-06-24 | CVE-2021-29955 | A transient execution vulnerability, named Floating Point Value Injection (FPVI) allowed an attacker to leak arbitrary memory addresses and may have also enabled JIT type confusion attacks. (A related vulnerability, Speculative Code Store Bypass (SCSB), did not affect Firefox.). This vulnerability affects Firefox ESR < 78.9 and Firefox < 87. | Firefox, Firefox_esr | 5.3 | ||
| 2021-06-24 | CVE-2021-29964 | A locally-installed hostile program could send `WM_COPYDATA` messages that Firefox would process incorrectly, leading to an out-of-bounds read. *This bug only affects Firefox on Windows. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 78.11, Firefox < 89, and Firefox ESR < 78.11. | Firefox, Firefox_esr, Thunderbird | 7.1 | ||
| 2021-06-24 | CVE-2021-29967 | Mozilla developers reported memory safety bugs present in Firefox 88 and Firefox ESR 78.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.11, Firefox < 89, and Firefox ESR < 78.11. | Firefox, Firefox_esr, Thunderbird | 8.8 | ||
| 2021-08-05 | CVE-2021-29970 | A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially exploitable crash. *This bug could only be triggered when accessibility was enabled.*. This vulnerability affects Thunderbird < 78.12, Firefox ESR < 78.12, and Firefox < 90. | Firefox, Firefox_esr, Thunderbird | 8.8 | ||
| 2021-08-05 | CVE-2021-29976 | Mozilla developers reported memory safety bugs present in code shared between Firefox and Thunderbird. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.12, Firefox ESR < 78.12, and Firefox < 90. | Firefox, Firefox_esr, Thunderbird | 8.8 | ||
| 2021-08-17 | CVE-2021-29980 | Uninitialized memory in a canvas object could have caused an incorrect free() leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91. | Firefox, Firefox_esr, Thunderbird | 8.8 |