CVE-2021-29981 - OpenCVE

An issue present in lowering/register allocation could have led to obscure but deterministic register confusion failures in JITted code that would lead to a potentially exploitable crash. This vulnerability affects Firefox < 91 and Thunderbird < 91.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Mozilla	Firefox Thunderbird

Configuration 1 [-]

OR	cpe:2.3:a:mozilla:firefox::::::::
	cpe:2.3:a:mozilla:thunderbird::::::::

References

Link	Resource
https://bugzilla.mozilla.org/show_bug.cgi?id=1707774	Issue Tracking Vendor Advisory
https://security.gentoo.org/glsa/202202-03	Third Party Advisory
https://www.mozilla.org/security/advisories/mfsa2021-33/	Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2021-36/	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mozilla

Published: 2021-08-17T19:12:38

Updated: 2022-02-22T00:06:32

Reserved: 2021-04-01T00:00:00

Link: CVE-2021-29981

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-08-17T20:15:07.730

Modified: 2022-03-16T14:56:27.980

Link: CVE-2021-29981

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-noinfo

{"containers": {"cna": {"affected": [{"product": "Firefox", "vendor": "Mozilla", "versions": [{"lessThan": "91", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "Thunderbird", "vendor": "Mozilla", "versions": [{"lessThan": "91", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "An issue present in lowering/register allocation could have led to obscure but deterministic register confusion failures in JITted code that would lead to a potentially exploitable crash. This vulnerability affects Firefox < 91 and Thunderbird < 91."}], "problemTypes": [{"descriptions": [{"description": "Live range splitting could have led to conflicting assignments in the JIT", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-02-22T00:06:32", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.mozilla.org/security/advisories/mfsa2021-33/"}, {"tags": ["x_refsource_MISC"], "url": "https://www.mozilla.org/security/advisories/mfsa2021-36/"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1707774"}, {"name": "GLSA-202202-03", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/202202-03"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@mozilla.org", "ID": "CVE-2021-29981", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Firefox", "version": {"version_data": [{"version_affected": "<", "version_value": "91"}]}}, {"product_name": "Thunderbird", "version": {"version_data": [{"version_affected": "<", "version_value": "91"}]}}]}, "vendor_name": "Mozilla"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue present in lowering/register allocation could have led to obscure but deterministic register confusion failures in JITted code that would lead to a potentially exploitable crash. This vulnerability affects Firefox < 91 and Thunderbird < 91."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Live range splitting could have led to conflicting assignments in the JIT"}]}]}, "references": {"reference_data": [{"name": "https://www.mozilla.org/security/advisories/mfsa2021-33/", "refsource": "MISC", "url": "https://www.mozilla.org/security/advisories/mfsa2021-33/"}, {"name": "https://www.mozilla.org/security/advisories/mfsa2021-36/", "refsource": "MISC", "url": "https://www.mozilla.org/security/advisories/mfsa2021-36/"}, {"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1707774", "refsource": "MISC", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1707774"}, {"name": "GLSA-202202-03", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202202-03"}]}}}}, "cveMetadata": {"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2021-29981", "datePublished": "2021-08-17T19:12:38", "dateReserved": "2021-04-01T00:00:00", "dateUpdated": "2022-02-22T00:06:32", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "E2960D13-5DCE-4A97-8586-B259C31DEBFE", "versionEndExcluding": "91.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "matchCriteriaId": "FBC0787E-AD3E-4AC2-B56A-BBA460544DCE", "versionEndExcluding": "91.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An issue present in lowering/register allocation could have led to obscure but deterministic register confusion failures in JITted code that would lead to a potentially exploitable crash. This vulnerability affects Firefox < 91 and Thunderbird < 91."}, {"lang": "es", "value": "Un problema presente en la asignaci\u00f3n de bajada y registro podr\u00eda haber conllevado a fallos de confusi\u00f3n de registro oscuros pero deterministas en el c\u00f3digo JITted que conllevar\u00eda un bloqueo potencialmente explotable. Esta vulnerabilidad afecta a Firefox versiones anteriores a 91 y Thunderbird versiones anteriores a 91."}], "id": "CVE-2021-29981", "lastModified": "2022-03-16T14:56:27.980", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-08-17T20:15:07.730", "references": [{"source": "security@mozilla.org", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1707774"}, {"source": "security@mozilla.org", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202202-03"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2021-33/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2021-36/"}], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}