Arch Linux Security Advisory ASA-202112-8
========================================
Severity: High
Date    : 2021-12-11
CVE-ID  : CVE-2021-43536 CVE-2021-43537 CVE-2021-43538 CVE-2021-43539
          CVE-2021-43540 CVE-2021-43541 CVE-2021-43542 CVE-2021-43543
          CVE-2021-43545 CVE-2021-43546
Package : firefox
Type    : multiple issues
Remote  : Yes
Link    : https://security.archlinux.org/AVG-2606

Summary
======
The package firefox before version 95.0-1 is vulnerable to multiple
issues including arbitrary code execution, content spoofing,
information disclosure, access restriction bypass, incorrect
calculation, sandbox escape and denial of service.

Resolution
=========
Upgrade to 95.0-1.

# pacman -Syu "firefox>=95.0-1"

The problems have been fixed upstream in version 95.0.

Workaround
=========
None.

Description
==========
- CVE-2021-43536 (information disclosure)

A security issue has been found in Firefox before version 95 and
Thunderbird before version 91.4.0. Under certain circumstances,
asynchronous functions could have caused a navigation to fail but
expose the target URL.

- CVE-2021-43537 (arbitrary code execution)

A security issue has been found in Firefox before version 95 and
Thunderbird before version 91.4.0. An incorrect type conversion of
sizes from 64bit to 32bit integers allowed an attacker to corrupt
memory leading to a potentially exploitable crash.

- CVE-2021-43538 (content spoofing)

A security issue has been found in Firefox before version 95 and
Thunderbird before version 91.4.0. By misusing a race in the
notification code, an attacker could have forcefully hidden the
notification for pages that had received full screen and pointer lock
access, which could have been used for spoofing attacks.

- CVE-2021-43539 (arbitrary code execution)

A security issue has been found in Firefox before version 95 and
Thunderbird before version 91.4.0. Failure to correctly record the
location of live pointers across wasm instance calls resulted in a
garbage collection occurring within the call not tracing those live
pointers. This could have led to a use-after-free causing a potentially
exploitable crash.

- CVE-2021-43540 (access restriction bypass)

A security issue has been found in Firefox before version 95.
WebExtensions with the correct permissions were able to create and
install ServiceWorkers for third-party websites that would not have
been uninstalled with the extension.

- CVE-2021-43541 (incorrect calculation)

A security issue has been found in Firefox before version 95 and
Thunderbird before version 91.4.0. When invoking protocol handlers for
external protocols, a supplied parameter URL containing spaces was not
properly escaped.

- CVE-2021-43542 (information disclosure)

A security issue has been found in Firefox before version 95 and
Thunderbird before version 91.4.0. Using XMLHttpRequest, an attacker
could have identified installed applications by probing error messages
for loading external protocols.

- CVE-2021-43543 (sandbox escape)

A security issue has been found in Firefox before version 95 and
Thunderbird before version 91.4.0. Documents loaded with the CSP
sandbox directive could have escaped the sandbox's script restriction
by embedding additional content.

- CVE-2021-43545 (denial of service)

A security issue has been found in Firefox before version 95 and
Thunderbird before version 91.4.0. Using the Location API in a loop
could have caused severe application hangs and crashes.

- CVE-2021-43546 (content spoofing)

A security issue has been found in Firefox before version 95 and
Thunderbird before version 91.4.0. It was possible to recreate previous
cursor spoofing attacks against users with a zoomed native cursor.

Impact
=====
A remote attacker could execute arbitrary code, disclose sensitive
information, spoof content or crash the application through crafted web
content.

References
=========
https://www.mozilla.org/en-US/security/advisories/mfsa2021-52/
https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/
https://bugzilla.mozilla.org/show_bug.cgi?id=1730120
https://bugzilla.mozilla.org/show_bug.cgi?id=1738237
https://bugzilla.mozilla.org/show_bug.cgi?id=1739091
https://bugzilla.mozilla.org/show_bug.cgi?id=1739683
https://bugzilla.mozilla.org/show_bug.cgi?id=1636629
https://bugzilla.mozilla.org/show_bug.cgi?id=1696685
https://bugzilla.mozilla.org/show_bug.cgi?id=1723281
https://bugzilla.mozilla.org/show_bug.cgi?id=1738418
https://bugzilla.mozilla.org/show_bug.cgi?id=1720926
https://bugzilla.mozilla.org/show_bug.cgi?id=1737751
https://security.archlinux.org/CVE-2021-43536
https://security.archlinux.org/CVE-2021-43537
https://security.archlinux.org/CVE-2021-43538
https://security.archlinux.org/CVE-2021-43539
https://security.archlinux.org/CVE-2021-43540
https://security.archlinux.org/CVE-2021-43541
https://security.archlinux.org/CVE-2021-43542
https://security.archlinux.org/CVE-2021-43543
https://security.archlinux.org/CVE-2021-43545
https://security.archlinux.org/CVE-2021-43546

ArchLinux: 202112-8: firefox: multiple issues

December 12, 2021

Summary

- CVE-2021-43536 (information disclosure) A security issue has been found in Firefox before version 95 and Thunderbird before version 91.4.0. Under certain circumstances, asynchronous functions could have caused a navigation to fail but expose the target URL.
- CVE-2021-43537 (arbitrary code execution)
A security issue has been found in Firefox before version 95 and Thunderbird before version 91.4.0. An incorrect type conversion of sizes from 64bit to 32bit integers allowed an attacker to corrupt memory leading to a potentially exploitable crash.
- CVE-2021-43538 (content spoofing)
A security issue has been found in Firefox before version 95 and Thunderbird before version 91.4.0. By misusing a race in the notification code, an attacker could have forcefully hidden the notification for pages that had received full screen and pointer lock access, which could have been used for spoofing attacks.
- CVE-2021-43539 (arbitrary code execution)
A security issue has been found in Firefox before version 95 and Thunderbird before version 91.4.0. Failure to correctly record the location of live pointers across wasm instance calls resulted in a garbage collection occurring within the call not tracing those live pointers. This could have led to a use-after-free causing a potentially exploitable crash.
- CVE-2021-43540 (access restriction bypass)
A security issue has been found in Firefox before version 95. WebExtensions with the correct permissions were able to create and install ServiceWorkers for third-party websites that would not have been uninstalled with the extension.
- CVE-2021-43541 (incorrect calculation)
A security issue has been found in Firefox before version 95 and Thunderbird before version 91.4.0. When invoking protocol handlers for external protocols, a supplied parameter URL containing spaces was not properly escaped.
- CVE-2021-43542 (information disclosure)
A security issue has been found in Firefox before version 95 and Thunderbird before version 91.4.0. Using XMLHttpRequest, an attacker could have identified installed applications by probing error messages for loading external protocols.
- CVE-2021-43543 (sandbox escape)
A security issue has been found in Firefox before version 95 and Thunderbird before version 91.4.0. Documents loaded with the CSP sandbox directive could have escaped the sandbox's script restriction by embedding additional content.
- CVE-2021-43545 (denial of service)
A security issue has been found in Firefox before version 95 and Thunderbird before version 91.4.0. Using the Location API in a loop could have caused severe application hangs and crashes.
- CVE-2021-43546 (content spoofing)
A security issue has been found in Firefox before version 95 and Thunderbird before version 91.4.0. It was possible to recreate previous cursor spoofing attacks against users with a zoomed native cursor.

Resolution

Upgrade to 95.0-1. # pacman -Syu "firefox>=95.0-1"
The problems have been fixed upstream in version 95.0.

References

https://www.mozilla.org/en-US/security/advisories/mfsa2021-52/ https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/ https://bugzilla.mozilla.org/show_bug.cgi?id=1730120 https://bugzilla.mozilla.org/show_bug.cgi?id=1738237 https://bugzilla.mozilla.org/show_bug.cgi?id=1739091 https://bugzilla.mozilla.org/show_bug.cgi?id=1739683 https://bugzilla.mozilla.org/show_bug.cgi?id=1636629 https://bugzilla.mozilla.org/show_bug.cgi?id=1696685 https://bugzilla.mozilla.org/show_bug.cgi?id=1723281 https://bugzilla.mozilla.org/show_bug.cgi?id=1738418 https://bugzilla.mozilla.org/show_bug.cgi?id=1720926 https://bugzilla.mozilla.org/show_bug.cgi?id=1737751 https://security.archlinux.org/CVE-2021-43536 https://security.archlinux.org/CVE-2021-43537 https://security.archlinux.org/CVE-2021-43538 https://security.archlinux.org/CVE-2021-43539 https://security.archlinux.org/CVE-2021-43540 https://security.archlinux.org/CVE-2021-43541 https://security.archlinux.org/CVE-2021-43542 https://security.archlinux.org/CVE-2021-43543 https://security.archlinux.org/CVE-2021-43545 https://security.archlinux.org/CVE-2021-43546

Severity
CVE-2021-43540 CVE-2021-43541 CVE-2021-43542 CVE-2021-43543
CVE-2021-43545 CVE-2021-43546
Package : firefox
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-2606

Workaround

None.

Related News

24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved