CVE-2021-38504 log
| Source |
|
| Severity | High |
| Remote | Yes |
| Type | Arbitrary code execution |
| Description | A security issue has been found in Firefox before version 94 and Thunderbird before version 91.3. When interacting with an HTML input element's file picker dialog with "webkitdirectory" set, a use-after-free could have resulted, leading to memory corruption and a potentially exploitable crash. |
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-2518 | thunderbird | 91.2.1-1 | 91.3.0-1 | High | Fixed | |
| AVG-2511 | firefox | 93.0-1 | 94.0-1 | High | Fixed |
| Date | Advisory | Group | Package | Severity | Type |
|---|---|---|---|---|---|
| 05 Nov 2021 | ASA-202111-3 | AVG-2518 | thunderbird | High | multiple issues |
| 05 Nov 2021 | ASA-202111-2 | AVG-2511 | firefox | High | multiple issues |
| References |
|---|
https://www.mozilla.org/security/advisories/mfsa2021-48/ https://www.mozilla.org/security/advisories/mfsa2021-50/ https://bugzilla.mozilla.org/show_bug.cgi?id=1730156 |