
Rewterz Threat Advisory – Multiple Mozilla Firefox Vulnerabilities

Severity

High

Analysis Summary

CVE-2021-23995

By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service condition on the system. Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system.

CVE-2021-23994

By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service. Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system.

CVE-2021-29947

By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service. Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system.

CVE-2021-23997

By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service. Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system.

CVE-2021-23996

By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to conduct a spoofing attack. Mozilla Firefox could allow a remote attacker to conduct spoofing attacks.

CVE-2021-23998

By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof a secure lock icon. Mozilla Firefox could allow a remote attacker to conduct spoofing attacks.

Impact

  • Unauthorized Access
  • Code Execution

Affected Vendors

Mozilla

Affected Products

  • Mozilla Thunderbird 78.9.0
  • Mozilla Firefox 87
  • Mozilla Firefox ESR 78.9

Remediation

Refer to Mozilla Foundation Security Advisory 2021-16 for patch, upgrade or suggested workaround information.

  • Mozilla Foundation Security Advisory 2021-16
  • Mozilla Foundation Security Advisory 2021-15
  • Mozilla Foundation Security Advisory 2021-14