Main Vulnerability Database Vulnerabilities #VU50887

#VU50887 Resource management error in Mozilla Firefox - CVE-2021-23975

Published: February 23, 2021

Vulnerability identifier: #VU50887

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2021-23975

CWE-ID: CWE-399

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Mozilla Firefox

Software vendor:
Mozilla

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The developer page about:memory has a Measure function for exploring what object types the browser has allocated and their sizes. When this function was invoked, the browser called the sizeof function instead of using the API method that checks for invalid pointers.

Remediation

Install updates from vendor's website.

External links

https://www.mozilla.org/en-US/security/advisories/mfsa2021-07/

#VU50887 Resource management error in Mozilla Firefox - CVE-2021-23975

Description

Remediation

External links

Please verify you're human