When Responsive Design Mode was enabled, it used references to objects that were previously freed. We presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.
Weakness
The product uses, accesses, or otherwise operates on a resource after that resource has been expired, released, or revoked.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Firefox | Mozilla | * | 88.0 (excluding) |
| Firefox_esr | Mozilla | * | 78.10 (excluding) |
| Thunderbird | Mozilla | * | 78.10 (excluding) |
| Red Hat Enterprise Linux 7 | RedHat | thunderbird-0:78.10.0-1.el7_9 | * |
| Red Hat Enterprise Linux 7 | RedHat | firefox-0:78.10.0-1.el7_9 | * |
| Red Hat Enterprise Linux 8 | RedHat | thunderbird-0:78.10.0-1.el8_3 | * |
| Red Hat Enterprise Linux 8 | RedHat | firefox-0:78.10.0-1.el8_3 | * |
| Red Hat Enterprise Linux 8.1 Extended Update Support | RedHat | thunderbird-0:78.10.0-1.el8_1 | * |
| Red Hat Enterprise Linux 8.1 Extended Update Support | RedHat | firefox-0:78.10.0-1.el8_1 | * |
| Red Hat Enterprise Linux 8.2 Extended Update Support | RedHat | thunderbird-0:78.10.0-1.el8_2 | * |
| Red Hat Enterprise Linux 8.2 Extended Update Support | RedHat | firefox-0:78.10.0-1.el8_2 | * |
| Firefox | Ubuntu | bionic | * |
| Firefox | Ubuntu | devel | * |
| Firefox | Ubuntu | focal | * |
| Firefox | Ubuntu | groovy | * |
| Firefox | Ubuntu | hirsute | * |
| Firefox | Ubuntu | impish | * |
| Firefox | Ubuntu | jammy | * |
| Firefox | Ubuntu | kinetic | * |
| Firefox | Ubuntu | lunar | * |
| Firefox | Ubuntu | mantic | * |
| Firefox | Ubuntu | noble | * |
| Firefox | Ubuntu | trusty | * |
| Firefox | Ubuntu | upstream | * |
| Firefox | Ubuntu | xenial | * |
| Firefox-esr | Ubuntu | trusty | * |
| Mozjs38 | Ubuntu | bionic | * |
| Mozjs38 | Ubuntu | esm-apps/bionic | * |
| Mozjs38 | Ubuntu | upstream | * |
| Mozjs52 | Ubuntu | bionic | * |
| Mozjs52 | Ubuntu | esm-apps/focal | * |
| Mozjs52 | Ubuntu | esm-infra/bionic | * |
| Mozjs52 | Ubuntu | focal | * |
| Mozjs52 | Ubuntu | groovy | * |
| Mozjs52 | Ubuntu | upstream | * |
| Mozjs68 | Ubuntu | esm-infra/focal | * |
| Mozjs68 | Ubuntu | focal | * |
| Mozjs68 | Ubuntu | groovy | * |
| Mozjs68 | Ubuntu | upstream | * |
| Mozjs78 | Ubuntu | esm-apps/jammy | * |
| Mozjs78 | Ubuntu | groovy | * |
| Mozjs78 | Ubuntu | hirsute | * |
| Mozjs78 | Ubuntu | impish | * |
| Mozjs78 | Ubuntu | jammy | * |
| Mozjs78 | Ubuntu | kinetic | * |
| Mozjs78 | Ubuntu | lunar | * |
| Mozjs78 | Ubuntu | upstream | * |
| Thunderbird | Ubuntu | bionic | * |
| Thunderbird | Ubuntu | devel | * |
| Thunderbird | Ubuntu | focal | * |
| Thunderbird | Ubuntu | groovy | * |
| Thunderbird | Ubuntu | hirsute | * |
| Thunderbird | Ubuntu | impish | * |
| Thunderbird | Ubuntu | jammy | * |
| Thunderbird | Ubuntu | kinetic | * |
| Thunderbird | Ubuntu | lunar | * |
| Thunderbird | Ubuntu | mantic | * |
| Thunderbird | Ubuntu | noble | * |
| Thunderbird | Ubuntu | trusty | * |
| Thunderbird | Ubuntu | upstream | * |
| Thunderbird | Ubuntu | xenial | * |
References
- https://bugzilla.mozilla.org/show_bug.cgi?id=1699835
- https://www.mozilla.org/security/advisories/mfsa2021-14/
- https://www.mozilla.org/security/advisories/mfsa2021-15/
- https://www.mozilla.org/security/advisories/mfsa2021-16/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1699835
- https://www.mozilla.org/security/advisories/mfsa2021-14/
- https://www.mozilla.org/security/advisories/mfsa2021-15/
- https://www.mozilla.org/security/advisories/mfsa2021-16/