CVE Vulnerabilities

CVE-2021-23995

Operation on a Resource after Expiration or Release

Published: Jun 24, 2021 | Modified: Jul 02, 2021
CVSS 3.x
8.8
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS 2.x
5.1 MEDIUM
AV:N/AC:H/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

When Responsive Design Mode was enabled, it used references to objects that were previously freed. We presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.

Weakness

The product uses, accesses, or otherwise operates on a resource after that resource has been expired, released, or revoked.

Affected Software

Name Vendor Start Version End Version
Firefox Mozilla * 88.0 (excluding)
Firefox_esr Mozilla * 78.10 (excluding)
Thunderbird Mozilla * 78.10 (excluding)

References