-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.2377
        Security Vulnerabilities fixed in Firefox 90 (MFSA 2021-28)
                   and Firefox ESR 78.12 (MFSA 2021-29)
                               14 July 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Firefox
                   Firefox ESR
Publisher:         Mozilla
Operating System:  Windows
                   UNIX variants (UNIX, Linux, OSX)
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Denial of Service               -- Remote with User Interaction
                   Provide Misleading Information  -- Remote with User Interaction
                   Access Confidential Data        -- Remote with User Interaction
                   Reduced Security                -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-30547 CVE-2021-29977 CVE-2021-29976
                   CVE-2021-29975 CVE-2021-29974 CVE-2021-29973
                   CVE-2021-29972 CVE-2021-29971 CVE-2021-29970

Reference:         ASB-2021.0120
                   ESB-2021.2376
                   ESB-2021.2119

Original Bulletin: 
   https://www.mozilla.org/en-US/security/advisories/mfsa2021-28/
   https://www.mozilla.org/en-US/security/advisories/mfsa2021-29/

- --------------------------BEGIN INCLUDED TEXT--------------------

Mozilla Foundation Security Advisory 2021-28

Security Vulnerabilities fixed in Firefox 90

Announced: July 13, 2021
Impact:    high
Products:  Firefox
Fixed in:  Firefox 90

# CVE-2021-29970: Use-after-free in accessibility features of a document

Reporter: Irvan Kurniawan
Impact:   high

Description

A malicious webpage could have triggered a use-after-free, memory corruption,
and a potentially exploitable crash.
This bug only affected Firefox when accessibility was enabled.

References

  o Bug 1709976

# CVE-2021-29971: Granted permissions only compared host; omitting scheme and
port on Android

Reporter: Arturo Mejia
Impact:   high

Description

If a user had granted a permission to a webpage and saved that grant, any
webpage running on the same host - irrespective of scheme or port - would be
granted that permission.
This bug only affects Firefox for Android. Other operating systems are
unaffected.

References

  o Bug 1713638
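
Added example (not part of the Mozilla advisory and not Firefox code): the
host-only comparison described for CVE-2021-29971 beside a comparison that
also includes scheme and port. PermissionStore, hostKey, originKey, compare
and the shop.example URLs are assumptions made for illustration.

```javascript
// Added illustration; all names are hypothetical and the URLs are constructed.
// Flawed key: only the host is remembered, so scheme and port are ignored.
function hostKey(url) {
  return new URL(url).hostname;
}

// Corrected key: the full origin (scheme, host, port). URL.origin drops
// default ports, so https://shop.example:443 and https://shop.example match.
function originKey(url) {
  const origin = new URL(url).origin;
  if (origin === "null") throw new Error("opaque origin: " + url);
  return origin;
}

class PermissionStore {
  constructor(keyFn) {
    this.keyFn = keyFn;
    this.grants = new Map(); // key -> Set of permission names
  }
  grant(url, permission) {
    const key = this.keyFn(url);
    if (!this.grants.has(key)) this.grants.set(key, new Set());
    this.grants.get(key).add(permission);
  }
  isGranted(url, permission) {
    const set = this.grants.get(this.keyFn(url));
    return set !== undefined && set.has(permission);
  }
}

// Save one camera grant, then ask each store about other pages on that host.
function compare(savedUrl, probes) {
  const flawed = new PermissionStore(hostKey);
  const fixed = new PermissionStore(originKey);
  for (const store of [flawed, fixed]) store.grant(savedUrl, "camera");
  return probes.map((url) => ({
    url,
    hostOnly: flawed.isGranted(url, "camera"),
    originBound: fixed.isGranted(url, "camera"),
  }));
}

const report = compare("https://shop.example/checkout", [
  "https://shop.example:443/cart", // same origin, default port written out
  "http://shop.example/",          // same host, different scheme
  "https://shop.example:8443/",    // same host, different port
]);
console.log(report);
```

Only the first probe shares the saved grant's origin; the host-only store
answers yes for all three.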

# CVE-2021-30547: Out of bounds write in ANGLE

Reporter: (Unknown)
Impact:   high

Description

An out of bounds write in ANGLE could have allowed an attacker to corrupt
memory leading to a potentially exploitable crash.

References

  o Bug 1715766

# CVE-2021-29972: Use of out-of-date library included use-after-free
vulnerability

Reporter: Irvan Kurniawan
Impact:   moderate

Description

A use-after-free vulnerability was found via testing, and traced to an
out-of-date Cairo library. Updating the library resolved the issue, and may
have remediated other, unknown security vulnerabilities as well.

References

  o Bug 1696816

# CVE-2021-29973: Password autofill on HTTP websites was enabled without user
interaction on Android

Reporter: Wladimir Palant working with Include Security
Impact:   moderate

Description

Password autofill was enabled without user interaction on insecure websites on
Firefox for Android. This was corrected to require user interaction with the
page before a user's password would be entered by the browser's autofill
functionality.
This bug only affects Firefox for Android. Other operating systems are
unaffected.

References

  o Bug 1701932

# CVE-2021-29974: HSTS errors could be overridden when network partitioning was
enabled

Reporter: Peter Gerber
Impact:   moderate

Description

When network partitioning was enabled, e.g. as a result of Enhanced Tracking
Protection settings, a TLS error page would allow the user to override an error
on a domain which had specified HTTP Strict Transport Security (which implies
that the error should not be override-able.) This issue did not affect the
network connections, and they were correctly upgraded to HTTPS automatically.

References

  o Bug 1704843

# CVE-2021-29975: Text message could be overlaid on top of another website

Reporter: Irvan Kurniawan
Impact:   moderate

Description

Through a series of DOM manipulations, a message, over which the attacker had
control of the text but not HTML or formatting, could be overlaid on top of
another domain (with the new domain correctly shown in the address bar)
resulting in possible user confusion.

References

  o Bug 1713259

# CVE-2021-29976: Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12

Reporter: Mozilla developers
Impact:   high

Description

Mozilla developers Emil Ghitta, Tyson Smith, Valentin Gosu, Olli Pettay, and
Randell Jesup reported memory safety bugs present in Firefox 89 and Firefox ESR
78.11. Some of these bugs showed evidence of memory corruption and we presume
that with enough effort some of these could have been exploited to run
arbitrary code.

References

  o Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12

# CVE-2021-29977: Memory safety bugs fixed in Firefox 90

Reporter: Mozilla developers
Impact:   high

Description

Mozilla developers Andrew McCreight, Tyson Smith, Christian Holler, and
Gabriele Svelto reported memory safety bugs present in Firefox 89. Some of
these bugs showed evidence of memory corruption and we presume that with enough
effort some of these could have been exploited to run arbitrary code.

References

  o Memory safety bugs fixed in Firefox 90

- -------------------------------------------------------------------------------


Mozilla Foundation Security Advisory 2021-29

Security Vulnerabilities fixed in Firefox ESR 78.12

Announced: July 13, 2021
Impact:    high
Products:  Firefox ESR
Fixed in:  Firefox ESR 78.12

# CVE-2021-29970: Use-after-free in accessibility features of a document

Reporter: Irvan Kurniawan
Impact:   high

Description

A malicious webpage could have triggered a use-after-free, memory corruption,
and a potentially exploitable crash.
This bug only affected Firefox when accessibility was enabled.

References

  o Bug 1709976

# CVE-2021-30547: Out of bounds write in ANGLE

Reporter: (Unknown)
Impact:   high

Description

An out of bounds write in ANGLE could have allowed an attacker to corrupt
memory leading to a potentially exploitable crash.

References

  o Bug 1715766

# CVE-2021-29976: Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12

Reporter: Mozilla developers
Impact:   high

Description

Mozilla developers Valentin Gosu, Randell Jesup, Emil Ghitta, Tyson Smith, and
Olli Pettay reported memory safety bugs present in Firefox 89 and Firefox ESR
78.11. Some of these bugs showed evidence of memory corruption and we presume
that with enough effort some of these could have been exploited to run
arbitrary code.

References

  o Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----