Rewterz Threat Advisory – CVE-2021-24002 – Mozilla Firefox command execution

April 20, 2021

Rewterz Threat Alert – XCSSET Mac Malware adapts to target macOS 11 and M1-based Macs – IOCs

April 20, 2021

Rewterz Threat Advisory – Multiple Mozilla Firefox Vulnerabilities

April 20, 2021

Severity

High

Analysis Summary

CVE-2021-23995

By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service condition on the system. Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system.

CVE-2021-23994

By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service. Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system.

CVE-2021-29947

By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service. Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system.

CVE-2021-23997

By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service. Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system.

CVE-2021-23996

By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to conduct a spoofing attack. Mozilla Firefox could allow a remote attacker to conduct spoofing attacks.

CVE-2021-23998

By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof a secure lock icon. Mozilla Firefox could allow a remote attacker to conduct spoofing attacks.

Impact

Unauthorized Access
Code Execution

Affected Vendors

Mozilla

Affected Products

Mozilla Thunderbird 78.9.0
Mozilla Firefox 87
Mozilla Firefox ESR 78.9

Remediation

Refer to Mozilla Foundation Security Advisory 2021-16 for patch, upgrade or suggested workaround information.

Mozilla Foundation Security Advisory 2021-16

Mozilla Foundation Security Advisory 2021-15

Mozilla Foundation Security Advisory 2021-14

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Critical PHP RCE Vulnerability Under Mass Exploitation in New Attacks

Multiple Adobe Products Vulnerabilities

Apple WebKit Zero-Day Actively Exploited in High-Profile Cyber Attacks

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Critical PHP RCE Vulnerability Under Mass Exploitation in New Attacks

Multiple Adobe Products Vulnerabilities

Apple WebKit Zero-Day Actively Exploited in High-Profile Cyber Attacks

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Rewterz Threat Advisory – CVE-2021-24002 – Mozilla Firefox command execution

Rewterz Threat Alert – XCSSET Mac Malware adapts to target macOS 11 and M1-based Macs – IOCs