Rewterz Threat Advisory – Multiple Mozilla Security Vulnerabilities

Severity

High

Analysis Summary

CVE-2021-23988

Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. Mozilla has not published specific attack vectors; by persuading a victim to visit a specially crafted web site, a remote attacker could exploit these bugs to execute arbitrary code on the vulnerable system or cause a denial of service.

CVE-2021-23986

Mozilla Firefox could allow a malicious extension to bypass security restrictions. An extension holding only the 'search' permission could install a new search engine whose favicon referenced a cross-origin URL, and the extension could then read the response to that cross-origin request. This bypasses the same-origin policy for an extension that was never granted cross-origin permissions. Because the request was sent without cookies, the information that could be disclosed is limited to local-network resources and resources relying on IP-based authentication.

CVE-2021-23985

Mozilla Firefox could allow an attacker to bypass security restrictions if the Devtools remote debugging feature was enabled. An attacker able to alter specific about:config values (for example, malware already running on the user's machine) could enable remote debugging without any indication to the user. A remote attacker able to make a direct network connection to the victim could then monitor the user's browsing activity and (plaintext) network traffic.

CVE-2021-23984

Mozilla Firefox could allow a malicious extension to conduct spoofing attacks. The extension could open a popup window lacking an address bar, and the title of that popup was fully attacker-controllable when it should not have been. This could be used to spoof a legitimate web site and trick the user into entering credentials.

CVE-2021-23983

Mozilla Firefox is vulnerable to memory corruption caused by applying CSS transitions to an invalid ::marker pseudo-element. By persuading a victim to visit a specially crafted web site, a remote attacker could exploit this vulnerability to corrupt memory and crash the browser, resulting in a denial of service.

CVE-2021-23982

Mozilla Firefox could allow a malicious web page to probe internal network hosts using techniques built on the NAT slipstream research. By persuading a victim to visit a specially crafted web site, a remote attacker could exploit this vulnerability to scan hosts on the user's internal network and services running on the user's local machine.

CVE-2021-23987

Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by a separate set of memory safety bugs within the browser engine. Mozilla has not published specific attack vectors; by persuading a victim to visit a specially crafted web site, a remote attacker could exploit these bugs to execute arbitrary code on the vulnerable system or cause a denial of service.

Impact

  • Arbitrary code execution
  • Denial of service
  • Security restriction bypass (same-origin policy, internal network probing)
  • Spoofing (credential phishing via extension popups)
  • Information disclosure (browsing activity and plaintext network traffic)

Affected Vendors

Mozilla

Affected Products

Mozilla Firefox 86

Remediation

Refer to Mozilla Foundation Security Advisory 2021-10 for patch, upgrade or suggested workaround information.

Mozilla Foundation Security Advisory 2021-10: https://www.mozilla.org/en-US/security/advisories/mfsa2021-10/
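A practitioner triaging this advisory usually wants two quick local checks: whether the installed Firefox predates the fixed release, and, for CVE-2021-23985, whether the Devtools remote debugging pref has been turned on in a profile. The script below is an added example written for this advisory, not code from Rewterz or Mozilla. It assumes that Firefox 87 is the release that ships the MFSA 2021-10 fixes (the advisory above lists Firefox 86 as affected), that `firefox --version` prints a string such as `Mozilla Firefox 86.0.1`, and that the about:config value behind remote debugging is `devtools.debugger.remote-enabled`; the advisory itself names neither the pref nor the ESR branch, so ESR versions are not modelled. The sample version string and prefs.js content are constructed for the example.

```python
"""Local exposure checks for MFSA 2021-10: release version and remote-debugging pref."""
import re
import subprocess
from typing import Dict, Optional, Tuple

# Assumption: Firefox 87 carries the MFSA 2021-10 fixes; the advisory lists
# Firefox 86 as affected. ESR releases are deliberately not covered here.
FIXED_RELEASE = (87, 0)

# Assumption: the advisory only says "specific about:config values" enable
# Devtools remote debugging; this is the pref that feature is keyed on.
REMOTE_DEBUG_PREF = "devtools.debugger.remote-enabled"

_VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?")
# Matches prefs.js / user.js lines such as  user_pref("name", true);
_PREF_RE = re.compile(r'^\s*(?:user_)?pref\("([^"]+)",\s*([^)]+)\);', re.MULTILINE)


def parse_version(text: str) -> Optional[Tuple[int, int, int]]:
    """Return (major, minor, patch) from 'Mozilla Firefox 86.0.1' or '87.0'; None if absent."""
    m = _VERSION_RE.search(text)
    if m is None:
        return None
    major, minor, patch = m.group(1), m.group(2), m.group(3) or "0"
    return int(major), int(minor), int(patch)


def is_vulnerable(version_text: str) -> bool:
    """True when the reported release predates the fixed release (Firefox 87)."""
    v = parse_version(version_text)
    if v is None:
        raise ValueError(f"no Firefox version found in {version_text!r}")
    return v[:2] < FIXED_RELEASE


def remote_debugging_enabled(prefs_js: str) -> bool:
    """True when the profile sets the remote-debugging pref to true.
    Firefox applies pref lines in order, so a later line overrides an earlier one."""
    enabled = False
    for name, value in _PREF_RE.findall(prefs_js):
        if name == REMOTE_DEBUG_PREF:
            enabled = value.strip() == "true"
    return enabled


def audit(version_text: str, prefs_js: str = "") -> Dict[str, bool]:
    """Run both checks and return the findings as a dict."""
    return {
        "version_vulnerable": is_vulnerable(version_text),
        "remote_debugging_enabled": remote_debugging_enabled(prefs_js),
    }


# Constructed sample inputs for the example; not taken from any real profile.
SAMPLE_VERSION = "Mozilla Firefox 86.0.1"
SAMPLE_PREFS = """// Mozilla User Preferences (constructed sample)
user_pref("browser.startup.homepage", "about:blank");
user_pref("devtools.debugger.remote-enabled", true);
"""


def live_version() -> Optional[str]:
    """Ask the installed binary for its version; None when firefox is not on PATH."""
    try:
        return subprocess.run(["firefox", "--version"], capture_output=True,
                              text=True, check=True, timeout=30).stdout.strip()
    except (OSError, subprocess.SubprocessError):
        return None


if __name__ == "__main__":
    import sys
    # Usage: python firefox_mfsa_2021_10_check.py [path/to/profile/prefs.js]
    version = live_version() or SAMPLE_VERSION
    prefs = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_PREFS
    for finding, hit in audit(version, prefs).items():
        print(f"{finding}: {'YES' if hit else 'no'}  ({version})")
```

Run it without arguments to see the constructed sample flagged on both checks, or pass a profile's prefs.js path (and have `firefox` on PATH) to audit a real endpoint. Only the major and minor components decide the version verdict, so a hypothetical 86.0.2 point release would still be reported as vulnerable, which is the conservative reading of "fixed in 87".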