CVE-2021-38504 - log back

CVE-2021-38504 edited at 03 Nov 2021 16:43:15
Description
- When interacting with an HTML input element's file picker dialog with "webkitdirectory" set, a use-after-free could have resulted, leading to memory corruption and a potentially exploitable crash.
+ A security issue has been found in Firefox before version 94 and Thunderbird before version 91.3. When interacting with an HTML input element's file picker dialog with "webkitdirectory" set, a use-after-free could have resulted, leading to memory corruption and a potentially exploitable crash.
References
https://www.mozilla.org/security/advisories/mfsa2021-48/
+ https://www.mozilla.org/security/advisories/mfsa2021-50/
https://bugzilla.mozilla.org/show_bug.cgi?id=1730156
CVE-2021-38504 created at 02 Nov 2021 13:16:47
Severity
+ High
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ When interacting with an HTML input element's file picker dialog with "webkitdirectory" set, a use-after-free could have resulted, leading to memory corruption and a potentially exploitable crash.
References
+ https://www.mozilla.org/security/advisories/mfsa2021-48/
+ https://bugzilla.mozilla.org/show_bug.cgi?id=1730156
Notes