

Rewterz Threat Advisory – ICS : Hitachi ABB Power Grids System Data Manager
September 8, 2021
Rewterz Threat Advisory – ICS: Advantech WebAccess BwFLApp Stack-based Buffer Overflow Remote Code Execution
September 8, 2021
Severity
High
Analysis Summary
CVE-2021-38495
Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVE-2021-38494
Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVE-2021-38492
Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by the acceptance of the mk scheme when delegating navigations to the operating system. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to launch pages and execute scripts in Internet Explorer in unprivileged mode.
CVE-2021-38491
Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by the failure of mixed-content checks to analyze opaque origins. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to load some mixed content.
CVE-2021-29993
Mozilla Firefox for Android is vulnerable to a denial of service, caused by an error when handling custom intents. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to allow navigations through the intent:// protocol, spoof the UI, and cause the browser to crash.
CVE-2021-38493
Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
Impact
- Code Execution
- Denial of Service
- Bypass Security
- Unauthorized Access
Affected Vendors
Mozilla
Affected Products
- Mozilla Firefox ESR 91.0
- Mozilla Firefox ESR 78.13
- Mozilla Firefox for Android 91
Remediation
Refer to Mozilla Foundation Security Advisory 2021-38 for the patch, upgrade, or suggested workaround information.
For CVE-2021-38495
For CVE-2021-38494
For CVE-2021-38492
For CVE-2021-38491
For CVE-2021-29993
For CVE-2021-38493