Multiple vulnerabilities in Mozilla Firefox and Firefox ESR



Published: 2021-11-02 | Updated: 2021-12-20
Risk High
Patch available YES
Number of vulnerabilities 13
CVE-ID CVE-2021-43534
CVE-2021-38503
CVE-2021-38504
CVE-2021-38505
CVE-2021-38506
CVE-2021-38507
CVE-2021-38508
CVE-2021-38509
CVE-2021-38510
CVE-2021-43535
CWE-ID CWE-254
CWE-200
CWE-20
CWE-119
CWE-416
CWE-357
CWE-1021
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
Mozilla Firefox
Client/Desktop applications / Web browsers

Firefox ESR
Client/Desktop applications / Web browsers

Vendor Mozilla

Security Bulletin

This security bulletin contains information about 13 vulnerabilities.

1) Security features bypass

EUVDB-ID: #VU57885

Risk: Low

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-254 - Security Features

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists in the way the post-redirect URL of the element is handled. When a user loaded a Web Extensions context menu, the Web Extension could access the post-redirect URL of the element clicked. If the Web Extension lacked the WebRequest permission for the hosts involved in the redirect, this would be a same-origin-violation leaking data the Web Extension should have access to.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Mozilla Firefox: 92.0 - 93.0


CPE2.3 External links

http://www.mozilla.org/en-US/security/advisories/mfsa2021-48/

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

2) Information disclosure

EUVDB-ID: #VU57886

Risk: Low

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-200 - Information Exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to incorrect implementation of the 'Copy Image Link' context menu action, which copies the final image URL after redirects. By embedding an image that triggered authentication flows - in conjunction with a Content Security Policy that stopped a redirection chain in the middle - the final image URL could be one that contained an authentication token used to takeover a user account. If a website tricked a user into copy and pasting the image link back to the page, the page would be able to steal the authentication tokens.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Mozilla Firefox: 92.0 - 93.0


CPE2.3 External links

http://www.mozilla.org/en-US/security/advisories/mfsa2021-48/

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

3) Input validation error

EUVDB-ID: #VU57887

Risk: Medium

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to insufficient validation of URL when parsing internationalized domain names. High bits of the characters in the URLs are sometimes stripped, resulting in inconsistencies that could lead to user confusion or attacks such as phishing.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Mozilla Firefox: 92.0 - 93.0


CPE2.3 External links

http://www.mozilla.org/en-US/security/advisories/mfsa2021-48/

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

4) Buffer overflow

EUVDB-ID: #VU57888

Risk: High

CVSSv3.1:

CVE-ID: CVE-2021-43534

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted webpage, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Mozilla Firefox: 80.0 - 93.0

Firefox ESR: 91.0 - 91.2.0


CPE2.3 External links

http://www.mozilla.org/en-US/security/advisories/mfsa2021-48/
http://www.mozilla.org/en-US/security/advisories/mfsa2021-49/

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

5) Security features bypass

EUVDB-ID: #VU57876

Risk: High

CVSSv3.1:

CVE-ID: CVE-2021-38503

CWE-ID: CWE-254 - Security Features

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to the iframe sandbox rules were not correctly applied to XSLT stylesheets. A remote attacker can load use an iframe to bypass restrictions such as executing scripts or navigating the top-level frame.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Mozilla Firefox: 80.0 - 93.0

Firefox ESR: 91.0 - 91.2.0


CPE2.3 External links

http://www.mozilla.org/en-US/security/advisories/mfsa2021-48/
http://www.mozilla.org/en-US/security/advisories/mfsa2021-49/

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

6) Use-after-free

EUVDB-ID: #VU57878

Risk: High

CVSSv3.1:

CVE-ID: CVE-2021-38504

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when interacting with an HTML input element's file picker dialog with webkitdirectory set. A remote attacker can trick the victim to open a specially crafted website, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Mozilla Firefox: 80.0 - 93.0

Firefox ESR: 91.0 - 91.2.0


CPE2.3 External links

http://www.mozilla.org/en-US/security/advisories/mfsa2021-48/
http://www.mozilla.org/en-US/security/advisories/mfsa2021-49/

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

7) Information disclosure

EUVDB-ID: #VU57879

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-38505

CWE-ID: CWE-200 - Information Exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to absence of support for a new feature in Windows 10 known as Cloud Clipboard that, if enabled, will record data copied to the clipboard to the cloud, and make it available on other computers in certain scenarios. Applications that wish to prevent copied data from being recorded in Cloud History must use specific clipboard formats, which were not implemented in previous versions of Firefox and Firefox ESR.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Mozilla Firefox: 80.0 - 93.0

Firefox ESR: 91.0 - 91.2.0


CPE2.3 External links

http://www.mozilla.org/en-US/security/advisories/mfsa2021-48/
http://www.mozilla.org/en-US/security/advisories/mfsa2021-49/

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

8) Insufficient UI Warning of Dangerous Operations

EUVDB-ID: #VU57880

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-38506

CWE-ID: CWE-357 - Insufficient UI Warning of Dangerous Operations

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform spoofing attacks.

The vulnerability exists due to Firefox could have entered fullscreen mode without notification or warning to the user. A remote attacker can perform spoofing attacks on the browser UI.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Mozilla Firefox: 80.0 - 93.0

Firefox ESR: 91.0 - 91.2.0


CPE2.3 External links

http://www.mozilla.org/en-US/security/advisories/mfsa2021-48/
http://www.mozilla.org/en-US/security/advisories/mfsa2021-49/

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

9) Security features bypass

EUVDB-ID: #VU57881

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-38507

CWE-ID: CWE-254 - Security Features

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists in the Opportunistic Encryption feature of HTTP2, which allows a connection to be transparently upgraded to TLS while retaining the visual properties of an HTTP connection, including being same-origin with unencrypted connections on port 80. However, if a second encrypted port on the same IP address (e.g. port 8443) did not opt-in to opportunistic encryption; a network attacker could forward a connection from the browser from port 443 to port 8443, causing the browser to treat the content of port 8443 as same-origin with HTTP. As a result, a remote attacker can bypass Same-Origin-Policy on services hosted on other ports.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Mozilla Firefox: 80.0 - 93.0

Firefox ESR: 91.0 - 91.2.0


CPE2.3 External links

http://www.mozilla.org/en-US/security/advisories/mfsa2021-48/
http://www.mozilla.org/en-US/security/advisories/mfsa2021-49/

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

10) Improper Restriction of Rendered UI Layers or Frames

EUVDB-ID: #VU57882

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-38508

CWE-ID: CWE-1021 - Improper Restriction of Rendered UI Layers or Frames

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to Firefox displays the form validity message in the correct location at the same time as a permission prompt (such as for geolocation). The validity message could have obscured the prompt, resulting in the user potentially being tricked into granting the permission.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Mozilla Firefox: 80.0 - 93.0

Firefox ESR: 91.0 - 91.2.0


CPE2.3 External links

http://www.mozilla.org/en-US/security/advisories/mfsa2021-48/
http://www.mozilla.org/en-US/security/advisories/mfsa2021-49/

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

11) Improper Restriction of Rendered UI Layers or Frames

EUVDB-ID: #VU57883

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-38509

CWE-ID: CWE-1021 - Improper Restriction of Rendered UI Layers or Frames

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to incorrect processing of an unusual sequence of attacker-controlled events. A remote attacker can display a Javascript alert() dialog with arbitrary (although unstyled) contents over top of arbitrary webpage of the attacker's choosing.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Mozilla Firefox: 80.0 - 93.0

Firefox ESR: 91.0 - 91.2.0


CPE2.3 External links

http://www.mozilla.org/en-US/security/advisories/mfsa2021-48/
http://www.mozilla.org/en-US/security/advisories/mfsa2021-49/

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

12) Insufficient UI Warning of Dangerous Operations

EUVDB-ID: #VU57884

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-38510

CWE-ID: CWE-357 - Insufficient UI Warning of Dangerous Operations

Exploit availability: No

Description

The vulnerability allows a remote attacker to silently download dangerous files on the system.

The vulnerability exists due to the executable file warning is not presented to the user when downloading .inetloc files. A remote attacker can silently download a potentially dangerous file to the user's system.

The vulnerability affects macOS operating system only.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Mozilla Firefox: 80.0 - 93.0

Firefox ESR: 91.0 - 91.2.0


CPE2.3 External links

http://www.mozilla.org/en-US/security/advisories/mfsa2021-48/
http://www.mozilla.org/en-US/security/advisories/mfsa2021-49/

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

13) Use-after-free

EUVDB-ID: #VU57889

Risk: High

CVSSv3.1:

CVE-ID: CVE-2021-43535

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing HTTP/2 session object. A remote attacker can trick the victim to open a specially crafted website, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Firefox ESR: 91.0 - 91.2.0


CPE2.3 External links

http://www.mozilla.org/en-US/security/advisories/mfsa2021-49/

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?



###SIDEBAR###