{"id":"MGASA-2021-0354","summary":"Updated firefox packages fix security vulnerabilities","details":"A malicious webpage could have triggered a use-after-free in accessibility\nfeatures of a document, causing memory corruption and a potentially exploitable\ncrash when accessibility was enabled (CVE-2021-29970).\n\nMozilla developers Valentin Gosu, Randell Jesup, Emil Ghitta, Tyson Smith, and\nOlli Pettay reported memory safety bugs present in Firefox ESR 78.11. Some of\nthese bugs showed evidence of memory corruption and we presume that with\nenough effort some of these could have been exploited to run arbitrary code\n(CVE-2021-29976).\n\nAn out of bounds write in ANGLE could have allowed an attacker to corrupt\nmemory leading to a potentially exploitable crash (CVE-2021-30547).\n","modified":"2026-02-02T11:07:48.098881Z","published":"2021-07-16T08:25:31Z","related":["CVE-2021-29970","CVE-2021-29976","CVE-2021-30547"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2021-0354.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=29247"},{"type":"REPORT","url":"https://groups.google.com/a/mozilla.org/g/dev-tech-crypto/c/M01xJ10PkAc"},{"type":"REPORT","url":"https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.67_release_notes"},{"type":"REPORT","url":"https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.68_release_notes"},{"type":"REPORT","url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-29/"},{"type":"REPORT","url":"https://access.redhat.com/errata/RHSA-2021:2741"}],"affected":[{"package":{"name":"nspr","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/nspr?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.32-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0354.json"}},{"package":{"name":"rootcerts","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/rootcerts?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"20210525.00-1.1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0354.json"}},{"package":{"name":"nss","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/nss?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.68.0-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0354.json"}},{"package":{"name":"firefox","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/firefox?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"78.12.0-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0354.json"}},{"package":{"name":"firefox-l10n","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/firefox-l10n?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"78.12.0-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0354.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}