#VU55680 Out-of-bounds read in Mozilla Firefox and Firefox ESR

Published: 2021-08-10

Vulnerability identifier: #VU55680

Vulnerability risk: High


CVE-ID: CVE-2021-29988


Exploitation vector: Network

Exploit availability:

Vulnerable software:
Mozilla Firefox
Client/Desktop applications / Web browsers
Firefox ESR
Client/Desktop applications / Web browsers

Vendor: Mozilla


The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to a boundary condition when treating inline list-item element as a block element. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger an out-of-bounds read error and execute arbitrary code on the system.

Install updates from vendor's website.

Vulnerable software versions

Mozilla Firefox: 60.0 - 90.0.2

Firefox ESR: 78.0 - 78.13.0, 68.0 - 68.12.0, 60.0 - 60.9.0

Fixed software versions


External links

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

Latest bulletins with this vulnerability