Operating System:

[WIN][UNIX/Linux]

Published:

20 April 2021

Protect yourself against future threats.

//Service

Security Bulletins

Receive up to date and consistent security bulletins across a wide range of vendors, streamlining security patching.

Read more
Resources > Security Bulletins > ESB-2021.1327 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.1327
     MFSA 2021-15 Security Vulnerabilities fixed in Firefox ESR 78.10
                               20 April 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Firefox ESR
Publisher:         Mozilla
Operating System:  UNIX variants (UNIX, Linux, OSX)
                   Windows
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Increased Privileges            -- Remote with User Interaction
                   Denial of Service               -- Remote with User Interaction
                   Provide Misleading Information  -- Remote with User Interaction
                   Access Confidential Data        -- Remote with User Interaction
                   Reduced Security                -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-29946 CVE-2021-29945 CVE-2021-24002
                   CVE-2021-23999 CVE-2021-23998 CVE-2021-23995
                   CVE-2021-23994 CVE-2021-23961 

Reference:         ESB-2021.1312
                   ESB-2021.0350
                   ESB-2021.0291

Original Bulletin: 
   https://www.mozilla.org/en-US/security/advisories/mfsa2021-15/

- --------------------------BEGIN INCLUDED TEXT--------------------

Mozilla Foundation Security Advisory 2021-15

Security Vulnerabilities fixed in Firefox ESR 78.10

Announced: April 19, 2021
Impact:    high
Products:  Firefox ESR
Fixed in:  Firefox ESR 78.10

# CVE-2021-23994: Out of bound write due to lazy initialization

Reporter: Abraruddin Khan and Omair
Impact:   high

Description

A WebGL framebuffer was not initialized early enough, resulting in memory
corruption and an out of bound write.

References

  o Bug 1699077

# CVE-2021-23995: Use-after-free in Responsive Design Mode

Reporter: Irvan Kurniawan
Impact:   high

Description

When Responsive Design Mode was enabled, it used references to objects that
were previously freed. We presume that with enough effort this could have been
exploited to run arbitrary code.

References

  o Bug 1699835

# CVE-2021-23998: Secure Lock icon could have been spoofed

Reporter: Jordi Chancel
Impact:   moderate

Description

Through complicated navigations with new windows, an HTTP page could have
inherited a secure lock icon from an HTTPS page.

References

  o Bug 1667456

# CVE-2021-23961: More internal network hosts could have been probed by a
malicious webpage

Reporter: Samy Kamkar, Ben Seri, and Gregory Vishnepolsky
Impact:   moderate

Description

Further techniques that built on the slipstream research combined with a
malicious webpage could have exposed both an internal network's hosts as well
as services running on the user's local machine.

References

  o Bug 1677940

# CVE-2021-23999: Blob URLs may have been granted additional privileges

Reporter: Nika Layzell
Impact:   moderate

Description

If a Blob URL was loaded through some unusual user interaction, it could have
been loaded by the System Principal and granted additional privileges that
should not be granted to web content.

References

  o Bug 1691153

# CVE-2021-24002: Arbitrary FTP command execution on FTP servers using an
encoded URL

Reporter: Daniel Santos
Impact:   moderate

Description

When a user clicked on an FTP URL containing encoded newline characters (%0A
and %0D), the newlines would have been interpreted as such and allowed
arbitrary commands to be sent to the FTP server.

References

  o Bug 1702374

# CVE-2021-29945: Incorrect size computation in WebAssembly JIT could lead to
null-reads

Reporter: Christian Holler
Impact:   moderate

Description

The WebAssembly JIT could miscalculate the size of a return type, which could
lead to a null read and result in a crash.
Note: This issue only affected x86-32 platforms. Other platforms are
unaffected.

References

  o Bug 1700690

# CVE-2021-29946: Port blocking could be bypassed

Reporter: Frederik Braun
Impact:   low

Description

Ports that were written as an integer overflow above the bounds of a 16-bit
integer could have bypassed port blocking restrictions when used in the Alt-Svc
header.

References

  o Bug 1698503

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBYH5gZuNLKJtyKPYoAQjE0g//QrnMxZ3XkfMxFk+nW7vo/GUoje3o1EJk
AcbUYT6z6Oee1N2PJNcdmR5dck+dFJTv03ewM1sgl64VJq8IMxqVztuvrUmjtIla
CcHV/KFqDmvkSCO9JAHW/dlTRX3xhqxsK68V4FVCGomtqsQwKlUfSOSr37ofPWYq
dA6l3cAzvM1Xgx7YsQ3pDfCQ8+kmpulY7j0hgWXEsUfk6ALc3mQ6YJsELrLfOymQ
A9uowfIfBqOSbjBDBqM8UcbZuA0eB7z/R5I91XJkbf1D/+q9ceB0uT8ZawfQ5sCf
Sb5NcDoYxNq/QUOkL/W+FxfTNuRVYr9yPs4r/91K3YH9dPjD+shAYcUaXQ2L7SI1
VbZ2/JxRlFO5daGqOueKbivqHQaWzASeBA35VRcz5OI8ilMEM2I6GdfUHaGDBFMu
5/n/DbfrrBKP2uov/fZQn4UnrYv1wEC+D8yxcFBR+uC/4Fpba7P6UKM74ccMGQcl
j4IH/vfYtHiTWCn4JsilaxX0fleMxkTkHxAwj6BvFhwpDdrZ0ZgbAnGhzLRTZrc5
RSAqyCzgY28/rpTGycJEn+DUtdWS3Vj91/wQe5Q93qFkgdQvKHRmx3l7FuuC9Wu/
2qdoMaIscNvHDxsIMabdSVxwPwAeDvnLiU/WGzrXuCrQjJqtqjMPTRBkoThDVT9W
1ijZmhKy1Zk=
=EjUy
-----END PGP SIGNATURE-----