{"id":"MGASA-2021-0425","summary":"Updated firefox packages fix security vulnerability","details":"Mozilla developers Tyson Smith and Gabriele Svelto reported memory safety\nbugs present in Firefox ESR 78.13. Some of these bugs showed evidence of\nmemory corruption and we presume that with enough effort some of these\ncould have been exploited to run arbitrary code (CVE-2021-38493).\n\nThe firefox package has been updated to the 91ESR branch.  See the\nupstream release notes for details.\n","modified":"2026-04-16T00:11:31.689180829Z","published":"2021-09-23T04:49:29Z","upstream":["CVE-2021-38493"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2021-0425.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=29373"},{"type":"ADVISORY","url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-39/"},{"type":"WEB","url":"https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_69_1.html"},{"type":"WEB","url":"https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_70.html"},{"type":"WEB","url":"https://support.mozilla.org/kb/firefox-enterprise-91-release-notes"},{"type":"WEB","url":"https://www.mozilla.org/en-US/firefox/91.0esr/releasenotes/"},{"type":"WEB","url":"https://www.mozilla.org/en-US/firefox/91.0.1esr/releasenotes/"}],"affected":[{"package":{"name":"firefox","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/firefox?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"91.1.0-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0425.json"}},{"package":{"name":"firefox-l10n","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/firefox-l10n?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"91.1.0-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0425.json"}},{"package":{"name":"nss","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/nss?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.70.0-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0425.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}