Vulnerability Details : CVE-2021-38501
Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2.
Vulnerability category: Memory Corruption
Exploit prediction scoring system (EPSS) score for CVE-2021-38501
Probability of exploitation activity in the next 30 days: 0.21%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 59 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2021-38501
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST |
8.8
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
2.8
|
5.9
|
NIST |
References for CVE-2021-38501
-
https://www.mozilla.org/security/advisories/mfsa2021-43/
Security Vulnerabilities fixed in Firefox 93 — MozillaVendor Advisory
-
https://www.mozilla.org/security/advisories/mfsa2021-47/
Security Vulnerabilities fixed in Thunderbird 91.2 — MozillaVendor Advisory
-
https://www.mozilla.org/security/advisories/mfsa2021-45/
Security Vulnerabilities fixed in Firefox ESR 91.2 — MozillaVendor Advisory
Products affected by CVE-2021-38501
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*