Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.1327 MFSA 2021-15 Security Vulnerabilities fixed in Firefox ESR 78.10 20 April 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Firefox ESR Publisher: Mozilla Operating System: UNIX variants (UNIX, Linux, OSX) Windows Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction Increased Privileges -- Remote with User Interaction Denial of Service -- Remote with User Interaction Provide Misleading Information -- Remote with User Interaction Access Confidential Data -- Remote with User Interaction Reduced Security -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2021-29946 CVE-2021-29945 CVE-2021-24002 CVE-2021-23999 CVE-2021-23998 CVE-2021-23995 CVE-2021-23994 CVE-2021-23961 Reference: ESB-2021.1312 ESB-2021.0350 ESB-2021.0291 Original Bulletin: https://www.mozilla.org/en-US/security/advisories/mfsa2021-15/ - --------------------------BEGIN INCLUDED TEXT-------------------- Mozilla Foundation Security Advisory 2021-15 Security Vulnerabilities fixed in Firefox ESR 78.10 Announced: April 19, 2021 Impact: high Products: Firefox ESR Fixed in: Firefox ESR 78.10 # CVE-2021-23994: Out of bound write due to lazy initialization Reporter: Abraruddin Khan and Omair Impact: high Description A WebGL framebuffer was not initialized early enough, resulting in memory corruption and an out of bound write. References o Bug 1699077 # CVE-2021-23995: Use-after-free in Responsive Design Mode Reporter: Irvan Kurniawan Impact: high Description When Responsive Design Mode was enabled, it used references to objects that were previously freed. We presume that with enough effort this could have been exploited to run arbitrary code. References o Bug 1699835 # CVE-2021-23998: Secure Lock icon could have been spoofed Reporter: Jordi Chancel Impact: moderate Description Through complicated navigations with new windows, an HTTP page could have inherited a secure lock icon from an HTTPS page. References o Bug 1667456 # CVE-2021-23961: More internal network hosts could have been probed by a malicious webpage Reporter: Samy Kamkar, Ben Seri, and Gregory Vishnepolsky Impact: moderate Description Further techniques that built on the slipstream research combined with a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine. References o Bug 1677940 # CVE-2021-23999: Blob URLs may have been granted additional privileges Reporter: Nika Layzell Impact: moderate Description If a Blob URL was loaded through some unusual user interaction, it could have been loaded by the System Principal and granted additional privileges that should not be granted to web content. References o Bug 1691153 # CVE-2021-24002: Arbitrary FTP command execution on FTP servers using an encoded URL Reporter: Daniel Santos Impact: moderate Description When a user clicked on an FTP URL containing encoded newline characters (%0A and %0D), the newlines would have been interpreted as such and allowed arbitrary commands to be sent to the FTP server. References o Bug 1702374 # CVE-2021-29945: Incorrect size computation in WebAssembly JIT could lead to null-reads Reporter: Christian Holler Impact: moderate Description The WebAssembly JIT could miscalculate the size of a return type, which could lead to a null read and result in a crash. Note: This issue only affected x86-32 platforms. Other platforms are unaffected. References o Bug 1700690 # CVE-2021-29946: Port blocking could be bypassed Reporter: Frederik Braun Impact: low Description Ports that were written as an integer overflow above the bounds of a 16-bit integer could have bypassed port blocking restrictions when used in the Alt-Svc header. References o Bug 1698503 - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBYH5gZuNLKJtyKPYoAQjE0g//QrnMxZ3XkfMxFk+nW7vo/GUoje3o1EJk AcbUYT6z6Oee1N2PJNcdmR5dck+dFJTv03ewM1sgl64VJq8IMxqVztuvrUmjtIla CcHV/KFqDmvkSCO9JAHW/dlTRX3xhqxsK68V4FVCGomtqsQwKlUfSOSr37ofPWYq dA6l3cAzvM1Xgx7YsQ3pDfCQ8+kmpulY7j0hgWXEsUfk6ALc3mQ6YJsELrLfOymQ A9uowfIfBqOSbjBDBqM8UcbZuA0eB7z/R5I91XJkbf1D/+q9ceB0uT8ZawfQ5sCf Sb5NcDoYxNq/QUOkL/W+FxfTNuRVYr9yPs4r/91K3YH9dPjD+shAYcUaXQ2L7SI1 VbZ2/JxRlFO5daGqOueKbivqHQaWzASeBA35VRcz5OI8ilMEM2I6GdfUHaGDBFMu 5/n/DbfrrBKP2uov/fZQn4UnrYv1wEC+D8yxcFBR+uC/4Fpba7P6UKM74ccMGQcl j4IH/vfYtHiTWCn4JsilaxX0fleMxkTkHxAwj6BvFhwpDdrZ0ZgbAnGhzLRTZrc5 RSAqyCzgY28/rpTGycJEn+DUtdWS3Vj91/wQe5Q93qFkgdQvKHRmx3l7FuuC9Wu/ 2qdoMaIscNvHDxsIMabdSVxwPwAeDvnLiU/WGzrXuCrQjJqtqjMPTRBkoThDVT9W 1ijZmhKy1Zk= =EjUy -----END PGP SIGNATURE-----