{"id":"MGASA-2021-0236","summary":"Updated firefox packages fix a security vulnerability","details":"Updated firefox packages fix a security vulnerability:\n\nMozilla developers Gabriele Svelto, Anny Gakhokidze, Alexandru Michis,\nChristian Holler reported memory safety bugs present in Firefox 88 and\nFirefox ESR 78.11. Some of these bugs showed evidence of memory\ncorruption and we presume that with enough effort some of these could\nhave been exploited to run arbitrary code (CVE-2021-29967).\n\nMemory safety bugs fixed in Firefox 89 and Firefox ESR 78.11\n\nThis update also fixes:\n- Unable to connect to Element with the firefox ESR packaged by Mageia\n  (Bug 28755).\n- Crashes on certain webpages with our packaged version (Bug 28652).\n- Some connections to websites like Santander Bank (Bug 28359).\n- Neither audio nor video with BigBlueButton and other WebRTC services\n  with our packaged version of Firefox ESR (Bug 27374).\n","modified":"2026-02-01T19:33:36.259714Z","published":"2021-06-08T14:33:02Z","related":["CVE-2021-29967"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2021-0236.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=29064"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=28755"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=28652"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=28359"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=27374"},{"type":"REPORT","url":"https://www.mozilla.org/en-US/firefox/78.10.1/releasenotes/"},{"type":"REPORT","url":"https://www.mozilla.org/en-US/firefox/78.11.0/releasenotes/"},{"type":"REPORT","url":"https://groups.google.com/a/mozilla.org/g/dev-tech-crypto/c/4eyMP8SrUGk"},{"type":"REPORT","url":"https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.65_release_notes"},{"type":"REPORT","url":"https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.66_release_notes"},{"type":"REPORT","url":"https://access.redhat.com/errata/RHSA-2021:2206"}],"affected":[{"package":{"name":"nspr","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/nspr?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.31-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0236.json"}},{"package":{"name":"rootcerts","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/rootcerts?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"20210525.00-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0236.json"}},{"package":{"name":"nss","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/nss?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.66.0-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0236.json"}},{"package":{"name":"firefox","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/firefox?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"78.11.0-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0236.json"}},{"package":{"name":"firefox-l10n","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/firefox-l10n?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"78.11.0-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0236.json"}},{"package":{"name":"nspr","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/nspr?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.31-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0236.json"}},{"package":{"name":"rootcerts","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/rootcerts?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"20210525.00-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0236.json"}},{"package":{"name":"nss","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/nss?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.66.0-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0236.json"}},{"package":{"name":"firefox","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/firefox?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"78.11.0-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0236.json"}},{"package":{"name":"firefox-l10n","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/firefox-l10n?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"78.11.0-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0236.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}