Rewterz Threat Advisory – Multiple Mozilla Firefox Vulnerabilities

Severity

High

Analysis Summary

CVE-2021-29960

Mozilla Firefox could allow a remote attacker to obtain sensitive information, caused by the incorrect storing of filenames printed from private browsing mode. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to obtain the title of a Web site visited during private browsing mode, which is stored on disk.

CVE-2021-29964

Mozilla Firefox could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read when parsing a WM_COPYDATA message. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to obtain sensitive information.

CVE-2021-29958

Mozilla Firefox for iOS could allow a remote attacker to obtain sensitive information, caused by the failure to check whether a download was in normal or private browsing mode when initiated. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to share private mode cookies.

CVE-2021-29966

Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.

CVE-2021-29967

Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.

Impact

  • Information Theft
  • Code Execution
  • Unauthorized Access

Affected Vendors

Mozilla

Affected Products

  • Mozilla Firefox 88.0.0
  • Mozilla Firefox ESR 78.10
  • Mozilla Firefox iOS 33
  • Mozilla Firefox for Android 88

Remediation

Refer to the Mozilla Foundation Security Advisory for patch, upgrade, or suggested workaround information.

https://www.mozilla.org/en-US/security/advisories/mfsa2021-23/