
Rewterz Threat Advisory – CVE-2021-3766 – Node.js Security Vulnerability

Severity

High

Analysis Summary

CVE-2021-38495

Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially crafted website, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.

CVE-2021-38494

Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially crafted website, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.

CVE-2021-38492

Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by the acceptance of the mk scheme when delegating navigations to the operating system. By persuading a victim to visit a specially crafted website, a remote attacker could exploit this vulnerability to launch pages and execute scripts in Internet Explorer in unprivileged mode.

CVE-2021-38491

Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by the failure of mixed-content checks to analyze opaque origins. By persuading a victim to visit a specially crafted website, a remote attacker could exploit this vulnerability to load some mixed content.

CVE-2021-29993

Mozilla Firefox for Android is vulnerable to a denial of service, caused by an error when handling custom intents. By persuading a victim to visit a specially crafted website, a remote attacker could exploit this vulnerability to perform navigations through the intent:// protocol, spoof the UI, and cause the browser to crash.

CVE-2021-38493

Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially crafted website, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.

Impact

  • Code Execution
  • Denial of Service
  • Bypass Security
  • Unauthorized Access

Affected Vendors

Mozilla

Affected Products

  • Mozilla Firefox ESR 91.0
  • Mozilla Firefox ESR 78.13
  • Mozilla Firefox for Android 91

Remediation

Refer to Mozilla Foundation Security Advisory 2021-38 for the patch, upgrade, or suggested workaround information. For CVE-2021-38495, the link below points to advisory 2021-41.

For CVE-2021-38495

https://www.mozilla.org/en-US/security/advisories/mfsa2021-41/

For CVE-2021-38494

https://www.mozilla.org/en-US/security/advisories/mfsa2021-38/

For CVE-2021-38492

https://www.mozilla.org/en-US/security/advisories/mfsa2021-38/

For CVE-2021-38491

https://www.mozilla.org/en-US/security/advisories/mfsa2021-38/

For CVE-2021-29993

https://www.mozilla.org/en-US/security/advisories/mfsa2021-38/

For CVE-2021-38493

https://www.mozilla.org/en-US/security/advisories/mfsa2021-38/