Resource management error in Mozilla Firefox - CVE-2021-23975

 

Resource management error in Mozilla Firefox - CVE-2021-23975

Published: February 23, 2021


Vulnerability identifier: #VU50887
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2021-23975
CWE-ID: CWE-399
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Mozilla
Affected software:
Mozilla Firefox

Detailed vulnerability description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The developer page about:memory has a Measure function for exploring what object types the browser has allocated and their sizes. When this function was invoked, the browser called the sizeof function instead of using the API method that checks for invalid pointers.


How to mitigate CVE-2021-23975

Install updates from vendor's website.

Sources