CVE-2021-38496

CVSS v3.1 8.8 (High)

CVSS v2.0 6.8 (Medium)

EPSS 0.26 % (66^th)

Affected Products 4

Advisories 31

During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.15, Thunderbird < 91.2, Firefox ESR < 91.2, Firefox ESR < 78.15, and Firefox < 93.

Weaknesses

CWE-416: Use After Free

CVE Status: PUBLISHED
CNA: Mozilla Corporation
Published Date: 2021-11-03 01:15:07
(2 years ago)
Updated Date: 2022-03-17 19:20:47
(2 years ago)

Affected Products

Debian

Debian Linux

Mozilla

Configuration #1

	CPE23	From	Up To
Mozilla Firefox prior 93.0 version	cpe:2.3:a:mozilla:firefox		< 93.0
Mozilla Firefox Esr prior 78.15 version	cpe:2.3:a:mozilla:firefox_esr		< 78.15
Mozilla Firefox Esr from 91.0 version and prior 91.2 version	cpe:2.3:a:mozilla:firefox_esr	>= 91.0	< 91.2
Mozilla Thunderbird prior 78.15 version	cpe:2.3:a:mozilla:thunderbird		< 78.15
Mozilla Thunderbird from 91.0 version and prior 91.2 version	cpe:2.3:a:mozilla:thunderbird	>= 91.0	< 91.2

Configuration #2

		CPE23	From	Up To
	Debian Linux 9.0	cpe:2.3:o:debian:debian_linux:9.0
	Debian Linux 10.0	cpe:2.3:o:debian:debian_linux:10.0
	Debian Linux 11.0	cpe:2.3:o:debian:debian_linux:11.0