Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.1897 MFSA 2021-23 Security Vulnerabilities fixed in Firefox 89 2 June 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Firefox Publisher: Mozilla Operating System: Windows UNIX variants (UNIX, Linux, OSX) Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction Denial of Service -- Remote with User Interaction Provide Misleading Information -- Remote with User Interaction Access Confidential Data -- Remote with User Interaction Unauthorised Access -- Remote with User Interaction Reduced Security -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2021-29967 CVE-2021-29966 CVE-2021-29965 CVE-2021-29964 CVE-2021-29963 CVE-2021-29962 CVE-2021-29961 CVE-2021-29960 CVE-2021-29959 Reference: ESB-2021.1896 Original Bulletin: https://www.mozilla.org/en-US/security/advisories/mfsa2021-23/ - --------------------------BEGIN INCLUDED TEXT-------------------- Mozilla Foundation Security Advisory 2021-23 Security Vulnerabilities fixed in Firefox 89 Announced: June 1, 2021 Impact: high Products: Firefox Fixed in: Firefox 89 # CVE-2021-29965: Password Manager on Firefox for Android susceptible to domain spoofing Reporter: Harshit Mahendra Impact: high Description A malicious website that causes an HTTP Authentication dialog to be spawned could trick the built-in password manager to suggest passwords for the currently active website instead of the website that triggered the dialog. This bug only affects Firefox for Android. Other operating systems are unaffected. References o Bug 1709257 # CVE-2021-29960: Filenames printed from private browsing mode incorrectly retained in preferences Reporter: Sebastian Hengst Impact: moderate Description Firefox used to cache the last filename used for printing a file. When generating a filename for printing, Firefox usually suggests the web page title. The caching and suggestion techniques combined may have lead to the title of a website visited during private browsing mode being stored on disk. References o Bug 1675965 # CVE-2021-29961: Firefox UI spoof using `<select>` elements and CSS scaling Reporter: Irvan Kurniawan Impact: moderate Description When styling and rendering an oversized <select> element, Firefox did not apply correct clipping which allowed an attacker to paint over the user interface. References o Bug 1700235 # CVE-2021-29963: Shared cookies for search suggestions in private browsing mode Reporter: Wladimir Palant working with Include Security Impact: moderate Description Address bar search suggestions in private browsing mode were re-using session data from normal mode. This bug only affects Firefox for Android. Other operating systems are unaffected. References o Bug 1705068 # CVE-2021-29964: Out of bounds-read when parsing a `WM_COPYDATA` message Reporter: Ronald Crane Impact: moderate Description A locally-installed hostile program could send WM_COPYDATA messages that Firefox would process incorrectly, leading to an out-of-bounds read. This bug only affects Firefox on Windows. Other operating systems are unaffected. References o Bug 1706501 # CVE-2021-29959: Devices could be re-enabled without additional permission prompt Reporter: Jan-Ivar Bruaroey Impact: low Description When a user has already allowed a website to access microphone and camera, disabling camera sharing would not fully prevent the website from re-enabling it without an additional prompt. This was only possible if the website kept recording with the microphone until re-enabling the camera. References o Bug 1395819 # CVE-2021-29962: No rate-limiting for popups on Firefox for Android Reporter: Wladimir Palant working with Include Security Impact: low Description Firefox for Android would become unstable and hard-to-recover when a website opened too many popups. This bug only affects Firefox for Android. Other operating systems are unaffected. References o Bug 1701673 # CVE-2021-29967: Memory safety bugs fixed in Firefox 89 and Firefox ESR 78.11 Reporter: Mozilla developers and community Impact: high Description Mozilla developers Christian Holler, Anny Gakhokidze, Alexandru Michis, Gabriele Svelto reported memory safety bugs present in Firefox 88 and Firefox ESR 78.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. References o Memory safety bugs fixed in Firefox 89 and Firefox ESR 78.11 # CVE-2021-29966: Memory safety bugs fixed in Firefox 89 Reporter: Mozilla developers and community Impact: moderate Description Mozilla developers Christian Holler, Tooru Fujisawa, Tyson Smith reported memory safety bugs present in Firefox 88. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. References o Memory safety bugs fixed in Firefox 89 - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBYLb75eNLKJtyKPYoAQjy6A/+M4QkHHXo9o2oNiZ7eNbX+ETJFAngUxRS 0uVoREHjqx5wwx4QEgNoU2dCMp4wTzlIzpOYGoxzYYwF/158v9LMoKS/oxpB15MA ohrIflwh2WmMXt+ghC9UqGzj7EOmkJCyJsUWm9s/XuWmznGdfVVogDy1ghxglDon 1a3/FhkWET1oJEb5q1sTir94ZyXKxn2HaSJSrQnfhuZLrV12of9SrheBTib2I2eN Ec29cuZ9a+JwOCCseWwmny0mQoS5sI3VJss0NMLLmT5F3PqR5riQaCS94oipqZRo xhcpdpme8kJLmbs+3zSKKv1wtmAbuCCboPrpqyCJqtNgrpCrji0jE3eb/ZfWMuhz mNaZ1KdYchwAjFhLAsaSJOSGBFcHWxC5zOzVKt+r/ZZS+HfzP2rnjyzJSDv4CoeF yPVmsYjcR5xWFB1Wwx7dbwZhczYJe8RRPxFb6Uhh8qaKNAQ0DJ5JdQxgbw8z+L2l 0bO0yLHoLhrmqur9r66vRPpHg735GgcLgsBMmwgwFrbGEFxCQwtBC9itH2YvGYGh gRJ4umWz+mU8xT+TKz1eM8PJRHXRhvikpIywHyTGsWkcFRXxqw1IIgc4ic1PR8LQ IQJwmKNZbMXZ0zN95jYtNgcKmAoo6uu9fLrs8HTQH2ypO1VZe7LSWcsr2NpqPZX0 mBP+CqvljeI= =K5Kx -----END PGP SIGNATURE-----