Action not permitted
Modal body text goes here.
Modal Title
Modal Body
usn-5058-1
Vulnerability from osv_ubuntu
It was discovered that Thunderbird didn't ignore IMAP server responses prior to completion of the STARTTLS handshake. A person-in-the-middle could potentially exploit this to trick Thunderbird into showing incorrect information. (CVE-2021-29969)
Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, or execute arbitrary code. (CVE-2021-29970, CVE-2021-29976, CVE-2021-29980, CVE-2021-29984, CVE-2021-29985, CVE-2021-29986, CVE-2021-29988, CVE-2021-29989, CVE-2021-30547)
{
"affected": [
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2021-29969",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-29970",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-29976",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-29980",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-29984",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-29985",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-29986",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-29988",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-29989",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-30547",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:18.04:LTS"
}
},
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "thunderbird",
"binary_version": "1:78.13.0+build1-0ubuntu0.18.04.1"
},
{
"binary_name": "thunderbird-gnome-support",
"binary_version": "1:78.13.0+build1-0ubuntu0.18.04.1"
},
{
"binary_name": "thunderbird-mozsymbols",
"binary_version": "1:78.13.0+build1-0ubuntu0.18.04.1"
},
{
"binary_name": "xul-ext-calendar-timezones",
"binary_version": "1:78.13.0+build1-0ubuntu0.18.04.1"
},
{
"binary_name": "xul-ext-gdata-provider",
"binary_version": "1:78.13.0+build1-0ubuntu0.18.04.1"
},
{
"binary_name": "xul-ext-lightning",
"binary_version": "1:78.13.0+build1-0ubuntu0.18.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "thunderbird",
"purl": "pkg:deb/ubuntu/thunderbird@1:78.13.0+build1-0ubuntu0.18.04.1?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:78.13.0+build1-0ubuntu0.18.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:52.4.0+build1-0ubuntu2",
"1:52.6.0+build1-0ubuntu1",
"1:52.7.0+build1-0ubuntu1",
"1:52.8.0+build1-0ubuntu0.18.04.1",
"1:52.9.1+build3-0ubuntu0.18.04.1",
"1:60.2.1+build1-0ubuntu0.18.04.2",
"1:60.4.0+build2-0ubuntu0.18.04.1",
"1:60.5.1+build2-0ubuntu0.18.04.1",
"1:60.6.1+build2-0ubuntu0.18.04.1",
"1:60.7.0+build1-0ubuntu0.18.04.1",
"1:60.7.1+build1-0ubuntu0.18.04.1",
"1:60.7.2+build2-0ubuntu0.18.04.1",
"1:60.8.0+build1-0ubuntu0.18.04.1",
"1:60.9.0+build1-0ubuntu0.18.04.1",
"1:68.2.1+build1-0ubuntu0.18.04.1",
"1:68.2.2+build1-0ubuntu0.18.04.1",
"1:68.4.1+build1-0ubuntu0.18.04.1",
"1:68.7.0+build1-0ubuntu0.18.04.1",
"1:68.8.0+build2-0ubuntu0.18.04.2",
"1:68.10.0+build1-0ubuntu0.18.04.1",
"1:78.8.1+build1-0ubuntu0.18.04.1",
"1:78.11.0+build1-0ubuntu0.18.04.2"
]
},
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2021-29969",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-29970",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-29976",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-29980",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-29984",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-29985",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-29986",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-29988",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-29989",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-30547",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:20.04:LTS"
}
},
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "thunderbird",
"binary_version": "1:78.13.0+build1-0ubuntu0.20.04.2"
},
{
"binary_name": "thunderbird-gnome-support",
"binary_version": "1:78.13.0+build1-0ubuntu0.20.04.2"
},
{
"binary_name": "thunderbird-mozsymbols",
"binary_version": "1:78.13.0+build1-0ubuntu0.20.04.2"
},
{
"binary_name": "xul-ext-calendar-timezones",
"binary_version": "1:78.13.0+build1-0ubuntu0.20.04.2"
},
{
"binary_name": "xul-ext-gdata-provider",
"binary_version": "1:78.13.0+build1-0ubuntu0.20.04.2"
},
{
"binary_name": "xul-ext-lightning",
"binary_version": "1:78.13.0+build1-0ubuntu0.20.04.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "thunderbird",
"purl": "pkg:deb/ubuntu/thunderbird@1:78.13.0+build1-0ubuntu0.20.04.2?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:78.13.0+build1-0ubuntu0.20.04.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:68.1.2+build1-0ubuntu1",
"1:68.1.2+build1-0ubuntu2",
"1:68.2.1+build1-0ubuntu1",
"1:68.2.2+build1-0ubuntu1",
"1:68.3.0+build2-0ubuntu1",
"1:68.3.1+build1-0ubuntu2",
"1:68.4.1+build1-0ubuntu1",
"1:68.4.2+build2-0ubuntu1",
"1:68.5.0+build1-0ubuntu1",
"1:68.6.0+build2-0ubuntu1",
"1:68.7.0+build1-0ubuntu1",
"1:68.7.0+build1-0ubuntu2",
"1:68.8.0+build2-0ubuntu0.20.04.2",
"1:68.10.0+build1-0ubuntu0.20.04.1",
"1:78.7.1+build1-0ubuntu0.20.04.1",
"1:78.8.1+build1-0ubuntu0.20.04.1",
"1:78.11.0+build1-0ubuntu0.20.04.2"
]
}
],
"aliases": [],
"details": "It was discovered that Thunderbird didn\u0027t ignore IMAP server responses\nprior to completion of the STARTTLS handshake. A person-in-the-middle\ncould potentially exploit this to trick Thunderbird into showing incorrect\ninformation. (CVE-2021-29969)\n\nMultiple security issues were discovered in Thunderbird. If a user were\ntricked into opening a specially crafted website in a browsing context, an\nattacker could potentially exploit these to cause a denial of service, or\nexecute arbitrary code. (CVE-2021-29970, CVE-2021-29976, CVE-2021-29980,\nCVE-2021-29984, CVE-2021-29985, CVE-2021-29986, CVE-2021-29988,\nCVE-2021-29989, CVE-2021-30547)\n",
"id": "USN-5058-1",
"modified": "2026-04-22T07:37:00Z",
"published": "2021-08-31T12:15:03Z",
"references": [
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-5058-1"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-29969"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-29970"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-29976"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-29980"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-29984"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-29985"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-29986"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-29988"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-29989"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-30547"
}
],
"related": [],
"schema_version": "1.7.0",
"summary": "thunderbird vulnerabilities",
"upstream": [
"UBUNTU-CVE-2021-29969",
"UBUNTU-CVE-2021-29970",
"UBUNTU-CVE-2021-29976",
"UBUNTU-CVE-2021-29980",
"UBUNTU-CVE-2021-29984",
"UBUNTU-CVE-2021-29985",
"UBUNTU-CVE-2021-29986",
"UBUNTU-CVE-2021-29988",
"UBUNTU-CVE-2021-29989",
"UBUNTU-CVE-2021-30547"
]
}
ubuntu-cve-2021-29969
Vulnerability from osv_ubuntu
If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server responses prior to the completion of the STARTTLS handshake, then Thunderbird didn't ignore the injected data. This could have resulted in Thunderbird showing incorrect information, for example the attacker could have tricked Thunderbird to show folders that didn't exist on the IMAP server. This vulnerability affects Thunderbird < 78.12.
{
"affected": [
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "thunderbird",
"binary_version": "1:78.13.0+build1-0ubuntu0.18.04.1"
},
{
"binary_name": "thunderbird-gnome-support",
"binary_version": "1:78.13.0+build1-0ubuntu0.18.04.1"
},
{
"binary_name": "thunderbird-mozsymbols",
"binary_version": "1:78.13.0+build1-0ubuntu0.18.04.1"
},
{
"binary_name": "xul-ext-calendar-timezones",
"binary_version": "1:78.13.0+build1-0ubuntu0.18.04.1"
},
{
"binary_name": "xul-ext-gdata-provider",
"binary_version": "1:78.13.0+build1-0ubuntu0.18.04.1"
},
{
"binary_name": "xul-ext-lightning",
"binary_version": "1:78.13.0+build1-0ubuntu0.18.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "thunderbird",
"purl": "pkg:deb/ubuntu/thunderbird@1:78.13.0+build1-0ubuntu0.18.04.1?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:78.13.0+build1-0ubuntu0.18.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:52.4.0+build1-0ubuntu2",
"1:52.6.0+build1-0ubuntu1",
"1:52.7.0+build1-0ubuntu1",
"1:52.8.0+build1-0ubuntu0.18.04.1",
"1:52.9.1+build3-0ubuntu0.18.04.1",
"1:60.2.1+build1-0ubuntu0.18.04.2",
"1:60.4.0+build2-0ubuntu0.18.04.1",
"1:60.5.1+build2-0ubuntu0.18.04.1",
"1:60.6.1+build2-0ubuntu0.18.04.1",
"1:60.7.0+build1-0ubuntu0.18.04.1",
"1:60.7.1+build1-0ubuntu0.18.04.1",
"1:60.7.2+build2-0ubuntu0.18.04.1",
"1:60.8.0+build1-0ubuntu0.18.04.1",
"1:60.9.0+build1-0ubuntu0.18.04.1",
"1:68.2.1+build1-0ubuntu0.18.04.1",
"1:68.2.2+build1-0ubuntu0.18.04.1",
"1:68.4.1+build1-0ubuntu0.18.04.1",
"1:68.7.0+build1-0ubuntu0.18.04.1",
"1:68.8.0+build2-0ubuntu0.18.04.2",
"1:68.10.0+build1-0ubuntu0.18.04.1",
"1:78.8.1+build1-0ubuntu0.18.04.1",
"1:78.11.0+build1-0ubuntu0.18.04.2"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "thunderbird",
"binary_version": "1:78.13.0+build1-0ubuntu0.20.04.2"
},
{
"binary_name": "thunderbird-gnome-support",
"binary_version": "1:78.13.0+build1-0ubuntu0.20.04.2"
},
{
"binary_name": "thunderbird-mozsymbols",
"binary_version": "1:78.13.0+build1-0ubuntu0.20.04.2"
},
{
"binary_name": "xul-ext-calendar-timezones",
"binary_version": "1:78.13.0+build1-0ubuntu0.20.04.2"
},
{
"binary_name": "xul-ext-gdata-provider",
"binary_version": "1:78.13.0+build1-0ubuntu0.20.04.2"
},
{
"binary_name": "xul-ext-lightning",
"binary_version": "1:78.13.0+build1-0ubuntu0.20.04.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "thunderbird",
"purl": "pkg:deb/ubuntu/thunderbird@1:78.13.0+build1-0ubuntu0.20.04.2?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:78.13.0+build1-0ubuntu0.20.04.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:68.1.2+build1-0ubuntu1",
"1:68.1.2+build1-0ubuntu2",
"1:68.2.1+build1-0ubuntu1",
"1:68.2.2+build1-0ubuntu1",
"1:68.3.0+build2-0ubuntu1",
"1:68.3.1+build1-0ubuntu2",
"1:68.4.1+build1-0ubuntu1",
"1:68.4.2+build2-0ubuntu1",
"1:68.5.0+build1-0ubuntu1",
"1:68.6.0+build2-0ubuntu1",
"1:68.7.0+build1-0ubuntu1",
"1:68.7.0+build1-0ubuntu2",
"1:68.8.0+build2-0ubuntu0.20.04.2",
"1:68.10.0+build1-0ubuntu0.20.04.1",
"1:78.7.1+build1-0ubuntu0.20.04.1",
"1:78.8.1+build1-0ubuntu0.20.04.1",
"1:78.11.0+build1-0ubuntu0.20.04.2"
]
}
],
"aliases": [],
"details": "If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server responses prior to the completion of the STARTTLS handshake, then Thunderbird didn\u0027t ignore the injected data. This could have resulted in Thunderbird showing incorrect information, for example the attacker could have tricked Thunderbird to show folders that didn\u0027t exist on the IMAP server. This vulnerability affects Thunderbird \u003c 78.12.",
"id": "UBUNTU-CVE-2021-29969",
"modified": "2026-04-22T07:40:00Z",
"published": "2021-08-05T20:15:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-29969"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-30/#CVE-2021-29969"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-5058-1"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29969"
}
],
"related": [
"USN-5058-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2021-29969"
]
}
ubuntu-cve-2021-29970
Vulnerability from osv_ubuntu
A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially exploitable crash. This bug could only be triggered when accessibility was enabled.. This vulnerability affects Thunderbird < 78.12, Firefox ESR < 78.12, and Firefox < 90.
| URL | Type | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"affected": [
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "firefox",
"binary_version": "90.0+build1-0ubuntu0.18.04.1"
},
{
"binary_name": "firefox-geckodriver",
"binary_version": "90.0+build1-0ubuntu0.18.04.1"
},
{
"binary_name": "firefox-mozsymbols",
"binary_version": "90.0+build1-0ubuntu0.18.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "firefox",
"purl": "pkg:deb/ubuntu/firefox@90.0+build1-0ubuntu0.18.04.1?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "90.0+build1-0ubuntu0.18.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"56.0+build6-0ubuntu1",
"57.0.1+build2-0ubuntu1",
"59.0.1+build1-0ubuntu1",
"59.0.2+build1-0ubuntu1",
"60.0+build2-0ubuntu1",
"60.0.1+build2-0ubuntu0.18.04.1",
"60.0.2+build1-0ubuntu0.18.04.1",
"61.0+build3-0ubuntu0.18.04.1",
"61.0.1+build1-0ubuntu0.18.04.1",
"62.0+build2-0ubuntu0.18.04.3",
"62.0+build2-0ubuntu0.18.04.4",
"62.0+build2-0ubuntu0.18.04.5",
"62.0.3+build1-0ubuntu0.18.04.1",
"63.0+build2-0ubuntu0.18.04.2",
"63.0.3+build1-0ubuntu0.18.04.1",
"64.0+build3-0ubuntu0.18.04.1",
"65.0+build2-0ubuntu0.18.04.1",
"65.0.1+build2-0ubuntu0.18.04.1",
"66.0+build3-0ubuntu0.18.04.1",
"66.0.1+build1-0ubuntu0.18.04.1",
"66.0.2+build1-0ubuntu0.18.04.1",
"66.0.3+build1-0ubuntu0.18.04.1",
"66.0.4+build3-0ubuntu0.18.04.1",
"66.0.5+build1-0ubuntu0.18.04.1",
"67.0+build2-0ubuntu0.18.04.1",
"67.0.1+build1-0ubuntu0.18.04.1",
"67.0.2+build2-0ubuntu0.18.04.1",
"67.0.3+build1-0ubuntu0.18.04.1",
"67.0.4+build1-0ubuntu0.18.04.1",
"68.0+build3-0ubuntu0.18.04.1",
"68.0.1+build1-0ubuntu0.18.04.1",
"68.0.2+build1-0ubuntu0.18.04.1",
"69.0+build2-0ubuntu0.18.04.1",
"69.0.1+build1-0ubuntu0.18.04.1",
"69.0.2+build1-0ubuntu0.18.04.1",
"70.0+build2-0ubuntu0.18.04.1",
"70.0.1+build1-0ubuntu0.18.04.1",
"71.0+build5-0ubuntu0.18.04.1",
"72.0.1+build1-0ubuntu0.18.04.1",
"72.0.2+build1-0ubuntu0.18.04.1",
"73.0+build3-0ubuntu0.18.04.1",
"73.0.1+build1-0ubuntu0.18.04.1",
"74.0+build3-0ubuntu0.18.04.1",
"74.0.1+build1-0ubuntu0.18.04.1",
"75.0+build3-0ubuntu0.18.04.1",
"76.0+build2-0ubuntu0.18.04.1",
"76.0.1+build1-0ubuntu0.18.04.1",
"77.0.1+build1-0ubuntu0.18.04.1",
"78.0.1+build1-0ubuntu0.18.04.1",
"78.0.2+build2-0ubuntu0.18.04.1",
"79.0+build1-0ubuntu0.18.04.1",
"80.0+build2-0ubuntu0.18.04.1",
"80.0.1+build1-0ubuntu0.18.04.1",
"81.0+build2-0ubuntu0.18.04.1",
"81.0.2+build1-0ubuntu0.18.04.1",
"82.0+build2-0ubuntu0.18.04.1",
"82.0.2+build1-0ubuntu0.18.04.1",
"82.0.3+build1-0ubuntu0.18.04.1",
"83.0+build2-0ubuntu0.18.04.2",
"84.0+build3-0ubuntu0.18.04.1",
"84.0.1+build1-0ubuntu0.18.04.1",
"84.0.2+build1-0ubuntu0.18.04.1",
"85.0+build1-0ubuntu0.18.04.1",
"85.0.1+build1-0ubuntu0.18.04.1",
"86.0+build3-0ubuntu0.18.04.1",
"86.0.1+build1-0ubuntu0.18.04.1",
"87.0+build3-0ubuntu0.18.04.2",
"88.0+build2-0ubuntu0.18.04.2",
"88.0.1+build1-0ubuntu0.18.04.2",
"89.0+build2-0ubuntu0.18.04.2",
"89.0.1+build1-0ubuntu0.18.04.1",
"89.0.2+build1-0ubuntu0.18.04.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "thunderbird",
"binary_version": "1:78.13.0+build1-0ubuntu0.18.04.1"
},
{
"binary_name": "thunderbird-gnome-support",
"binary_version": "1:78.13.0+build1-0ubuntu0.18.04.1"
},
{
"binary_name": "thunderbird-mozsymbols",
"binary_version": "1:78.13.0+build1-0ubuntu0.18.04.1"
},
{
"binary_name": "xul-ext-calendar-timezones",
"binary_version": "1:78.13.0+build1-0ubuntu0.18.04.1"
},
{
"binary_name": "xul-ext-gdata-provider",
"binary_version": "1:78.13.0+build1-0ubuntu0.18.04.1"
},
{
"binary_name": "xul-ext-lightning",
"binary_version": "1:78.13.0+build1-0ubuntu0.18.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "thunderbird",
"purl": "pkg:deb/ubuntu/thunderbird@1:78.13.0+build1-0ubuntu0.18.04.1?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:78.13.0+build1-0ubuntu0.18.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:52.4.0+build1-0ubuntu2",
"1:52.6.0+build1-0ubuntu1",
"1:52.7.0+build1-0ubuntu1",
"1:52.8.0+build1-0ubuntu0.18.04.1",
"1:52.9.1+build3-0ubuntu0.18.04.1",
"1:60.2.1+build1-0ubuntu0.18.04.2",
"1:60.4.0+build2-0ubuntu0.18.04.1",
"1:60.5.1+build2-0ubuntu0.18.04.1",
"1:60.6.1+build2-0ubuntu0.18.04.1",
"1:60.7.0+build1-0ubuntu0.18.04.1",
"1:60.7.1+build1-0ubuntu0.18.04.1",
"1:60.7.2+build2-0ubuntu0.18.04.1",
"1:60.8.0+build1-0ubuntu0.18.04.1",
"1:60.9.0+build1-0ubuntu0.18.04.1",
"1:68.2.1+build1-0ubuntu0.18.04.1",
"1:68.2.2+build1-0ubuntu0.18.04.1",
"1:68.4.1+build1-0ubuntu0.18.04.1",
"1:68.7.0+build1-0ubuntu0.18.04.1",
"1:68.8.0+build2-0ubuntu0.18.04.2",
"1:68.10.0+build1-0ubuntu0.18.04.1",
"1:78.8.1+build1-0ubuntu0.18.04.1",
"1:78.11.0+build1-0ubuntu0.18.04.2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-52-0",
"binary_version": "52.9.1-0ubuntu0.18.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "mozjs52",
"purl": "pkg:deb/ubuntu/mozjs52@52.9.1-0ubuntu0.18.04.1?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"52.3.1-0ubuntu3",
"52.3.1-7fakesync1",
"52.8.1-0ubuntu0.18.04.1",
"52.9.1-0ubuntu0.18.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-38-0",
"binary_version": "38.8.0~repack1-0ubuntu4"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "mozjs38",
"purl": "pkg:deb/ubuntu/mozjs38@38.8.0~repack1-0ubuntu4?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"38.8.0~repack1-0ubuntu1",
"38.8.0~repack1-0ubuntu3",
"38.8.0~repack1-0ubuntu4"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "firefox",
"binary_version": "90.0+build1-0ubuntu0.20.04.1"
},
{
"binary_name": "firefox-geckodriver",
"binary_version": "90.0+build1-0ubuntu0.20.04.1"
},
{
"binary_name": "firefox-mozsymbols",
"binary_version": "90.0+build1-0ubuntu0.20.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "firefox",
"purl": "pkg:deb/ubuntu/firefox@90.0+build1-0ubuntu0.20.04.1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "90.0+build1-0ubuntu0.20.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"69.0.3+build1-0ubuntu1",
"70.0+build2-0ubuntu1",
"70.0+build2-0ubuntu2",
"70.0.1+build1-0ubuntu2",
"71.0+build2-0ubuntu2",
"71.0+build5-0ubuntu1",
"72.0.1+build1-0ubuntu1",
"72.0.2+build1-0ubuntu1",
"73.0+build1-0ubuntu1",
"73.0+build2-0ubuntu1",
"73.0+build3-0ubuntu1",
"73.0.1+build1-0ubuntu1",
"74.0+build1-0ubuntu1",
"74.0+build2-0ubuntu1",
"74.0+build2-0ubuntu2",
"74.0+build3-0ubuntu1",
"75.0+build3-0ubuntu1",
"76.0+build2-0ubuntu0.20.04.1",
"76.0.1+build1-0ubuntu0.20.04.1",
"77.0.1+build1-0ubuntu0.20.04.1",
"78.0.1+build1-0ubuntu0.20.04.1",
"78.0.2+build2-0ubuntu0.20.04.1",
"79.0+build1-0ubuntu0.20.04.1",
"80.0+build2-0ubuntu0.20.04.1",
"80.0.1+build1-0ubuntu0.20.04.1",
"81.0+build2-0ubuntu0.20.04.1",
"81.0.2+build1-0ubuntu0.20.04.1",
"82.0+build2-0ubuntu0.20.04.1",
"82.0.2+build1-0ubuntu0.20.04.1",
"82.0.3+build1-0ubuntu0.20.04.1",
"83.0+build2-0ubuntu0.20.04.1",
"84.0+build3-0ubuntu0.20.04.1",
"84.0.1+build1-0ubuntu0.20.04.1",
"84.0.2+build1-0ubuntu0.20.04.1",
"85.0+build1-0ubuntu0.20.04.1",
"85.0.1+build1-0ubuntu0.20.04.1",
"86.0+build3-0ubuntu0.20.04.1",
"86.0.1+build1-0ubuntu0.20.04.1",
"87.0+build3-0ubuntu0.20.04.2",
"88.0+build2-0ubuntu0.20.04.1",
"88.0.1+build1-0ubuntu0.20.04.2",
"89.0+build2-0ubuntu0.20.04.2",
"89.0.1+build1-0ubuntu0.20.04.1",
"89.0.2+build1-0ubuntu0.20.04.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "thunderbird",
"binary_version": "1:78.13.0+build1-0ubuntu0.20.04.2"
},
{
"binary_name": "thunderbird-gnome-support",
"binary_version": "1:78.13.0+build1-0ubuntu0.20.04.2"
},
{
"binary_name": "thunderbird-mozsymbols",
"binary_version": "1:78.13.0+build1-0ubuntu0.20.04.2"
},
{
"binary_name": "xul-ext-calendar-timezones",
"binary_version": "1:78.13.0+build1-0ubuntu0.20.04.2"
},
{
"binary_name": "xul-ext-gdata-provider",
"binary_version": "1:78.13.0+build1-0ubuntu0.20.04.2"
},
{
"binary_name": "xul-ext-lightning",
"binary_version": "1:78.13.0+build1-0ubuntu0.20.04.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "thunderbird",
"purl": "pkg:deb/ubuntu/thunderbird@1:78.13.0+build1-0ubuntu0.20.04.2?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:78.13.0+build1-0ubuntu0.20.04.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:68.1.2+build1-0ubuntu1",
"1:68.1.2+build1-0ubuntu2",
"1:68.2.1+build1-0ubuntu1",
"1:68.2.2+build1-0ubuntu1",
"1:68.3.0+build2-0ubuntu1",
"1:68.3.1+build1-0ubuntu2",
"1:68.4.1+build1-0ubuntu1",
"1:68.4.2+build2-0ubuntu1",
"1:68.5.0+build1-0ubuntu1",
"1:68.6.0+build2-0ubuntu1",
"1:68.7.0+build1-0ubuntu1",
"1:68.7.0+build1-0ubuntu2",
"1:68.8.0+build2-0ubuntu0.20.04.2",
"1:68.10.0+build1-0ubuntu0.20.04.1",
"1:78.7.1+build1-0ubuntu0.20.04.1",
"1:78.8.1+build1-0ubuntu0.20.04.1",
"1:78.11.0+build1-0ubuntu0.20.04.2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-68-0",
"binary_version": "68.6.0-1ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "mozjs68",
"purl": "pkg:deb/ubuntu/mozjs68@68.6.0-1ubuntu1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"68.5.0-1~fakesync",
"68.5.0-2~fakesync",
"68.6.0-1",
"68.6.0-1ubuntu1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-52-0",
"binary_version": "52.9.1-1ubuntu3"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "mozjs52",
"purl": "pkg:deb/ubuntu/mozjs52@52.9.1-1ubuntu3?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"52.9.1-1build1",
"52.9.1-1ubuntu3"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-78-0",
"binary_version": "78.15.0-4ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "mozjs78",
"purl": "pkg:deb/ubuntu/mozjs78@78.15.0-4ubuntu1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"78.13.0-1",
"78.15.0-2",
"78.15.0-4ubuntu1"
]
}
],
"aliases": [],
"details": "A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially exploitable crash. *This bug could only be triggered when accessibility was enabled.*. This vulnerability affects Thunderbird \u003c 78.12, Firefox ESR \u003c 78.12, and Firefox \u003c 90.",
"id": "UBUNTU-CVE-2021-29970",
"modified": "2026-04-22T07:40:00Z",
"published": "2021-07-14T00:00:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-29970"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-28/#CVE-2021-29970"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-29/#CVE-2021-29970"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-30/#CVE-2021-29970"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-5011-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-5058-1"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29970"
}
],
"related": [
"USN-5011-1",
"USN-5058-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2021-29970"
]
}
ubuntu-cve-2021-29976
Vulnerability from osv_ubuntu
Mozilla developers reported memory safety bugs present in code shared between Firefox and Thunderbird. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.12, Firefox ESR < 78.12, and Firefox < 90.
| URL | Type | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"affected": [
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "firefox",
"binary_version": "90.0+build1-0ubuntu0.18.04.1"
},
{
"binary_name": "firefox-geckodriver",
"binary_version": "90.0+build1-0ubuntu0.18.04.1"
},
{
"binary_name": "firefox-mozsymbols",
"binary_version": "90.0+build1-0ubuntu0.18.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "firefox",
"purl": "pkg:deb/ubuntu/firefox@90.0+build1-0ubuntu0.18.04.1?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "90.0+build1-0ubuntu0.18.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"56.0+build6-0ubuntu1",
"57.0.1+build2-0ubuntu1",
"59.0.1+build1-0ubuntu1",
"59.0.2+build1-0ubuntu1",
"60.0+build2-0ubuntu1",
"60.0.1+build2-0ubuntu0.18.04.1",
"60.0.2+build1-0ubuntu0.18.04.1",
"61.0+build3-0ubuntu0.18.04.1",
"61.0.1+build1-0ubuntu0.18.04.1",
"62.0+build2-0ubuntu0.18.04.3",
"62.0+build2-0ubuntu0.18.04.4",
"62.0+build2-0ubuntu0.18.04.5",
"62.0.3+build1-0ubuntu0.18.04.1",
"63.0+build2-0ubuntu0.18.04.2",
"63.0.3+build1-0ubuntu0.18.04.1",
"64.0+build3-0ubuntu0.18.04.1",
"65.0+build2-0ubuntu0.18.04.1",
"65.0.1+build2-0ubuntu0.18.04.1",
"66.0+build3-0ubuntu0.18.04.1",
"66.0.1+build1-0ubuntu0.18.04.1",
"66.0.2+build1-0ubuntu0.18.04.1",
"66.0.3+build1-0ubuntu0.18.04.1",
"66.0.4+build3-0ubuntu0.18.04.1",
"66.0.5+build1-0ubuntu0.18.04.1",
"67.0+build2-0ubuntu0.18.04.1",
"67.0.1+build1-0ubuntu0.18.04.1",
"67.0.2+build2-0ubuntu0.18.04.1",
"67.0.3+build1-0ubuntu0.18.04.1",
"67.0.4+build1-0ubuntu0.18.04.1",
"68.0+build3-0ubuntu0.18.04.1",
"68.0.1+build1-0ubuntu0.18.04.1",
"68.0.2+build1-0ubuntu0.18.04.1",
"69.0+build2-0ubuntu0.18.04.1",
"69.0.1+build1-0ubuntu0.18.04.1",
"69.0.2+build1-0ubuntu0.18.04.1",
"70.0+build2-0ubuntu0.18.04.1",
"70.0.1+build1-0ubuntu0.18.04.1",
"71.0+build5-0ubuntu0.18.04.1",
"72.0.1+build1-0ubuntu0.18.04.1",
"72.0.2+build1-0ubuntu0.18.04.1",
"73.0+build3-0ubuntu0.18.04.1",
"73.0.1+build1-0ubuntu0.18.04.1",
"74.0+build3-0ubuntu0.18.04.1",
"74.0.1+build1-0ubuntu0.18.04.1",
"75.0+build3-0ubuntu0.18.04.1",
"76.0+build2-0ubuntu0.18.04.1",
"76.0.1+build1-0ubuntu0.18.04.1",
"77.0.1+build1-0ubuntu0.18.04.1",
"78.0.1+build1-0ubuntu0.18.04.1",
"78.0.2+build2-0ubuntu0.18.04.1",
"79.0+build1-0ubuntu0.18.04.1",
"80.0+build2-0ubuntu0.18.04.1",
"80.0.1+build1-0ubuntu0.18.04.1",
"81.0+build2-0ubuntu0.18.04.1",
"81.0.2+build1-0ubuntu0.18.04.1",
"82.0+build2-0ubuntu0.18.04.1",
"82.0.2+build1-0ubuntu0.18.04.1",
"82.0.3+build1-0ubuntu0.18.04.1",
"83.0+build2-0ubuntu0.18.04.2",
"84.0+build3-0ubuntu0.18.04.1",
"84.0.1+build1-0ubuntu0.18.04.1",
"84.0.2+build1-0ubuntu0.18.04.1",
"85.0+build1-0ubuntu0.18.04.1",
"85.0.1+build1-0ubuntu0.18.04.1",
"86.0+build3-0ubuntu0.18.04.1",
"86.0.1+build1-0ubuntu0.18.04.1",
"87.0+build3-0ubuntu0.18.04.2",
"88.0+build2-0ubuntu0.18.04.2",
"88.0.1+build1-0ubuntu0.18.04.2",
"89.0+build2-0ubuntu0.18.04.2",
"89.0.1+build1-0ubuntu0.18.04.1",
"89.0.2+build1-0ubuntu0.18.04.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "thunderbird",
"binary_version": "1:78.13.0+build1-0ubuntu0.18.04.1"
},
{
"binary_name": "thunderbird-gnome-support",
"binary_version": "1:78.13.0+build1-0ubuntu0.18.04.1"
},
{
"binary_name": "thunderbird-mozsymbols",
"binary_version": "1:78.13.0+build1-0ubuntu0.18.04.1"
},
{
"binary_name": "xul-ext-calendar-timezones",
"binary_version": "1:78.13.0+build1-0ubuntu0.18.04.1"
},
{
"binary_name": "xul-ext-gdata-provider",
"binary_version": "1:78.13.0+build1-0ubuntu0.18.04.1"
},
{
"binary_name": "xul-ext-lightning",
"binary_version": "1:78.13.0+build1-0ubuntu0.18.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "thunderbird",
"purl": "pkg:deb/ubuntu/thunderbird@1:78.13.0+build1-0ubuntu0.18.04.1?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:78.13.0+build1-0ubuntu0.18.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:52.4.0+build1-0ubuntu2",
"1:52.6.0+build1-0ubuntu1",
"1:52.7.0+build1-0ubuntu1",
"1:52.8.0+build1-0ubuntu0.18.04.1",
"1:52.9.1+build3-0ubuntu0.18.04.1",
"1:60.2.1+build1-0ubuntu0.18.04.2",
"1:60.4.0+build2-0ubuntu0.18.04.1",
"1:60.5.1+build2-0ubuntu0.18.04.1",
"1:60.6.1+build2-0ubuntu0.18.04.1",
"1:60.7.0+build1-0ubuntu0.18.04.1",
"1:60.7.1+build1-0ubuntu0.18.04.1",
"1:60.7.2+build2-0ubuntu0.18.04.1",
"1:60.8.0+build1-0ubuntu0.18.04.1",
"1:60.9.0+build1-0ubuntu0.18.04.1",
"1:68.2.1+build1-0ubuntu0.18.04.1",
"1:68.2.2+build1-0ubuntu0.18.04.1",
"1:68.4.1+build1-0ubuntu0.18.04.1",
"1:68.7.0+build1-0ubuntu0.18.04.1",
"1:68.8.0+build2-0ubuntu0.18.04.2",
"1:68.10.0+build1-0ubuntu0.18.04.1",
"1:78.8.1+build1-0ubuntu0.18.04.1",
"1:78.11.0+build1-0ubuntu0.18.04.2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-52-0",
"binary_version": "52.9.1-0ubuntu0.18.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "mozjs52",
"purl": "pkg:deb/ubuntu/mozjs52@52.9.1-0ubuntu0.18.04.1?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"52.3.1-0ubuntu3",
"52.3.1-7fakesync1",
"52.8.1-0ubuntu0.18.04.1",
"52.9.1-0ubuntu0.18.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-38-0",
"binary_version": "38.8.0~repack1-0ubuntu4"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "mozjs38",
"purl": "pkg:deb/ubuntu/mozjs38@38.8.0~repack1-0ubuntu4?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"38.8.0~repack1-0ubuntu1",
"38.8.0~repack1-0ubuntu3",
"38.8.0~repack1-0ubuntu4"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "firefox",
"binary_version": "90.0+build1-0ubuntu0.20.04.1"
},
{
"binary_name": "firefox-geckodriver",
"binary_version": "90.0+build1-0ubuntu0.20.04.1"
},
{
"binary_name": "firefox-mozsymbols",
"binary_version": "90.0+build1-0ubuntu0.20.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "firefox",
"purl": "pkg:deb/ubuntu/firefox@90.0+build1-0ubuntu0.20.04.1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "90.0+build1-0ubuntu0.20.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"69.0.3+build1-0ubuntu1",
"70.0+build2-0ubuntu1",
"70.0+build2-0ubuntu2",
"70.0.1+build1-0ubuntu2",
"71.0+build2-0ubuntu2",
"71.0+build5-0ubuntu1",
"72.0.1+build1-0ubuntu1",
"72.0.2+build1-0ubuntu1",
"73.0+build1-0ubuntu1",
"73.0+build2-0ubuntu1",
"73.0+build3-0ubuntu1",
"73.0.1+build1-0ubuntu1",
"74.0+build1-0ubuntu1",
"74.0+build2-0ubuntu1",
"74.0+build2-0ubuntu2",
"74.0+build3-0ubuntu1",
"75.0+build3-0ubuntu1",
"76.0+build2-0ubuntu0.20.04.1",
"76.0.1+build1-0ubuntu0.20.04.1",
"77.0.1+build1-0ubuntu0.20.04.1",
"78.0.1+build1-0ubuntu0.20.04.1",
"78.0.2+build2-0ubuntu0.20.04.1",
"79.0+build1-0ubuntu0.20.04.1",
"80.0+build2-0ubuntu0.20.04.1",
"80.0.1+build1-0ubuntu0.20.04.1",
"81.0+build2-0ubuntu0.20.04.1",
"81.0.2+build1-0ubuntu0.20.04.1",
"82.0+build2-0ubuntu0.20.04.1",
"82.0.2+build1-0ubuntu0.20.04.1",
"82.0.3+build1-0ubuntu0.20.04.1",
"83.0+build2-0ubuntu0.20.04.1",
"84.0+build3-0ubuntu0.20.04.1",
"84.0.1+build1-0ubuntu0.20.04.1",
"84.0.2+build1-0ubuntu0.20.04.1",
"85.0+build1-0ubuntu0.20.04.1",
"85.0.1+build1-0ubuntu0.20.04.1",
"86.0+build3-0ubuntu0.20.04.1",
"86.0.1+build1-0ubuntu0.20.04.1",
"87.0+build3-0ubuntu0.20.04.2",
"88.0+build2-0ubuntu0.20.04.1",
"88.0.1+build1-0ubuntu0.20.04.2",
"89.0+build2-0ubuntu0.20.04.2",
"89.0.1+build1-0ubuntu0.20.04.1",
"89.0.2+build1-0ubuntu0.20.04.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "thunderbird",
"binary_version": "1:78.13.0+build1-0ubuntu0.20.04.2"
},
{
"binary_name": "thunderbird-gnome-support",
"binary_version": "1:78.13.0+build1-0ubuntu0.20.04.2"
},
{
"binary_name": "thunderbird-mozsymbols",
"binary_version": "1:78.13.0+build1-0ubuntu0.20.04.2"
},
{
"binary_name": "xul-ext-calendar-timezones",
"binary_version": "1:78.13.0+build1-0ubuntu0.20.04.2"
},
{
"binary_name": "xul-ext-gdata-provider",
"binary_version": "1:78.13.0+build1-0ubuntu0.20.04.2"
},
{
"binary_name": "xul-ext-lightning",
"binary_version": "1:78.13.0+build1-0ubuntu0.20.04.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "thunderbird",
"purl": "pkg:deb/ubuntu/thunderbird@1:78.13.0+build1-0ubuntu0.20.04.2?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:78.13.0+build1-0ubuntu0.20.04.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:68.1.2+build1-0ubuntu1",
"1:68.1.2+build1-0ubuntu2",
"1:68.2.1+build1-0ubuntu1",
"1:68.2.2+build1-0ubuntu1",
"1:68.3.0+build2-0ubuntu1",
"1:68.3.1+build1-0ubuntu2",
"1:68.4.1+build1-0ubuntu1",
"1:68.4.2+build2-0ubuntu1",
"1:68.5.0+build1-0ubuntu1",
"1:68.6.0+build2-0ubuntu1",
"1:68.7.0+build1-0ubuntu1",
"1:68.7.0+build1-0ubuntu2",
"1:68.8.0+build2-0ubuntu0.20.04.2",
"1:68.10.0+build1-0ubuntu0.20.04.1",
"1:78.7.1+build1-0ubuntu0.20.04.1",
"1:78.8.1+build1-0ubuntu0.20.04.1",
"1:78.11.0+build1-0ubuntu0.20.04.2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-68-0",
"binary_version": "68.6.0-1ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "mozjs68",
"purl": "pkg:deb/ubuntu/mozjs68@68.6.0-1ubuntu1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"68.5.0-1~fakesync",
"68.5.0-2~fakesync",
"68.6.0-1",
"68.6.0-1ubuntu1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-52-0",
"binary_version": "52.9.1-1ubuntu3"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "mozjs52",
"purl": "pkg:deb/ubuntu/mozjs52@52.9.1-1ubuntu3?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"52.9.1-1build1",
"52.9.1-1ubuntu3"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-78-0",
"binary_version": "78.15.0-4ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "mozjs78",
"purl": "pkg:deb/ubuntu/mozjs78@78.15.0-4ubuntu1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"78.13.0-1",
"78.15.0-2",
"78.15.0-4ubuntu1"
]
}
],
"aliases": [],
"details": "Mozilla developers reported memory safety bugs present in code shared between Firefox and Thunderbird. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 78.12, Firefox ESR \u003c 78.12, and Firefox \u003c 90.",
"id": "UBUNTU-CVE-2021-29976",
"modified": "2026-04-22T07:40:00Z",
"published": "2021-07-14T00:00:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-29976"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-28/#CVE-2021-29976"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-29/#CVE-2021-29976"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-30/#CVE-2021-29976"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-5011-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-5058-1"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29976"
}
],
"related": [
"USN-5011-1",
"USN-5058-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2021-29976"
]
}
ubuntu-cve-2021-29980
Vulnerability from osv_ubuntu
Uninitialized memory in a canvas object could have caused an incorrect free() leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91.
| URL | Type | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"affected": [
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "firefox",
"binary_version": "91.0+build2-0ubuntu0.18.04.1"
},
{
"binary_name": "firefox-geckodriver",
"binary_version": "91.0+build2-0ubuntu0.18.04.1"
},
{
"binary_name": "firefox-mozsymbols",
"binary_version": "91.0+build2-0ubuntu0.18.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "firefox",
"purl": "pkg:deb/ubuntu/firefox@91.0+build2-0ubuntu0.18.04.1?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "91.0+build2-0ubuntu0.18.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"56.0+build6-0ubuntu1",
"57.0.1+build2-0ubuntu1",
"59.0.1+build1-0ubuntu1",
"59.0.2+build1-0ubuntu1",
"60.0+build2-0ubuntu1",
"60.0.1+build2-0ubuntu0.18.04.1",
"60.0.2+build1-0ubuntu0.18.04.1",
"61.0+build3-0ubuntu0.18.04.1",
"61.0.1+build1-0ubuntu0.18.04.1",
"62.0+build2-0ubuntu0.18.04.3",
"62.0+build2-0ubuntu0.18.04.4",
"62.0+build2-0ubuntu0.18.04.5",
"62.0.3+build1-0ubuntu0.18.04.1",
"63.0+build2-0ubuntu0.18.04.2",
"63.0.3+build1-0ubuntu0.18.04.1",
"64.0+build3-0ubuntu0.18.04.1",
"65.0+build2-0ubuntu0.18.04.1",
"65.0.1+build2-0ubuntu0.18.04.1",
"66.0+build3-0ubuntu0.18.04.1",
"66.0.1+build1-0ubuntu0.18.04.1",
"66.0.2+build1-0ubuntu0.18.04.1",
"66.0.3+build1-0ubuntu0.18.04.1",
"66.0.4+build3-0ubuntu0.18.04.1",
"66.0.5+build1-0ubuntu0.18.04.1",
"67.0+build2-0ubuntu0.18.04.1",
"67.0.1+build1-0ubuntu0.18.04.1",
"67.0.2+build2-0ubuntu0.18.04.1",
"67.0.3+build1-0ubuntu0.18.04.1",
"67.0.4+build1-0ubuntu0.18.04.1",
"68.0+build3-0ubuntu0.18.04.1",
"68.0.1+build1-0ubuntu0.18.04.1",
"68.0.2+build1-0ubuntu0.18.04.1",
"69.0+build2-0ubuntu0.18.04.1",
"69.0.1+build1-0ubuntu0.18.04.1",
"69.0.2+build1-0ubuntu0.18.04.1",
"70.0+build2-0ubuntu0.18.04.1",
"70.0.1+build1-0ubuntu0.18.04.1",
"71.0+build5-0ubuntu0.18.04.1",
"72.0.1+build1-0ubuntu0.18.04.1",
"72.0.2+build1-0ubuntu0.18.04.1",
"73.0+build3-0ubuntu0.18.04.1",
"73.0.1+build1-0ubuntu0.18.04.1",
"74.0+build3-0ubuntu0.18.04.1",
"74.0.1+build1-0ubuntu0.18.04.1",
"75.0+build3-0ubuntu0.18.04.1",
"76.0+build2-0ubuntu0.18.04.1",
"76.0.1+build1-0ubuntu0.18.04.1",
"77.0.1+build1-0ubuntu0.18.04.1",
"78.0.1+build1-0ubuntu0.18.04.1",
"78.0.2+build2-0ubuntu0.18.04.1",
"79.0+build1-0ubuntu0.18.04.1",
"80.0+build2-0ubuntu0.18.04.1",
"80.0.1+build1-0ubuntu0.18.04.1",
"81.0+build2-0ubuntu0.18.04.1",
"81.0.2+build1-0ubuntu0.18.04.1",
"82.0+build2-0ubuntu0.18.04.1",
"82.0.2+build1-0ubuntu0.18.04.1",
"82.0.3+build1-0ubuntu0.18.04.1",
"83.0+build2-0ubuntu0.18.04.2",
"84.0+build3-0ubuntu0.18.04.1",
"84.0.1+build1-0ubuntu0.18.04.1",
"84.0.2+build1-0ubuntu0.18.04.1",
"85.0+build1-0ubuntu0.18.04.1",
"85.0.1+build1-0ubuntu0.18.04.1",
"86.0+build3-0ubuntu0.18.04.1",
"86.0.1+build1-0ubuntu0.18.04.1",
"87.0+build3-0ubuntu0.18.04.2",
"88.0+build2-0ubuntu0.18.04.2",
"88.0.1+build1-0ubuntu0.18.04.2",
"89.0+build2-0ubuntu0.18.04.2",
"89.0.1+build1-0ubuntu0.18.04.1",
"89.0.2+build1-0ubuntu0.18.04.1",
"90.0+build1-0ubuntu0.18.04.1",
"90.0.2+build1-0ubuntu0.18.04.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "thunderbird",
"binary_version": "1:78.13.0+build1-0ubuntu0.18.04.1"
},
{
"binary_name": "thunderbird-gnome-support",
"binary_version": "1:78.13.0+build1-0ubuntu0.18.04.1"
},
{
"binary_name": "thunderbird-mozsymbols",
"binary_version": "1:78.13.0+build1-0ubuntu0.18.04.1"
},
{
"binary_name": "xul-ext-calendar-timezones",
"binary_version": "1:78.13.0+build1-0ubuntu0.18.04.1"
},
{
"binary_name": "xul-ext-gdata-provider",
"binary_version": "1:78.13.0+build1-0ubuntu0.18.04.1"
},
{
"binary_name": "xul-ext-lightning",
"binary_version": "1:78.13.0+build1-0ubuntu0.18.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "thunderbird",
"purl": "pkg:deb/ubuntu/thunderbird@1:78.13.0+build1-0ubuntu0.18.04.1?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:78.13.0+build1-0ubuntu0.18.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:52.4.0+build1-0ubuntu2",
"1:52.6.0+build1-0ubuntu1",
"1:52.7.0+build1-0ubuntu1",
"1:52.8.0+build1-0ubuntu0.18.04.1",
"1:52.9.1+build3-0ubuntu0.18.04.1",
"1:60.2.1+build1-0ubuntu0.18.04.2",
"1:60.4.0+build2-0ubuntu0.18.04.1",
"1:60.5.1+build2-0ubuntu0.18.04.1",
"1:60.6.1+build2-0ubuntu0.18.04.1",
"1:60.7.0+build1-0ubuntu0.18.04.1",
"1:60.7.1+build1-0ubuntu0.18.04.1",
"1:60.7.2+build2-0ubuntu0.18.04.1",
"1:60.8.0+build1-0ubuntu0.18.04.1",
"1:60.9.0+build1-0ubuntu0.18.04.1",
"1:68.2.1+build1-0ubuntu0.18.04.1",
"1:68.2.2+build1-0ubuntu0.18.04.1",
"1:68.4.1+build1-0ubuntu0.18.04.1",
"1:68.7.0+build1-0ubuntu0.18.04.1",
"1:68.8.0+build2-0ubuntu0.18.04.2",
"1:68.10.0+build1-0ubuntu0.18.04.1",
"1:78.8.1+build1-0ubuntu0.18.04.1",
"1:78.11.0+build1-0ubuntu0.18.04.2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-52-0",
"binary_version": "52.9.1-0ubuntu0.18.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "mozjs52",
"purl": "pkg:deb/ubuntu/mozjs52@52.9.1-0ubuntu0.18.04.1?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"52.3.1-0ubuntu3",
"52.3.1-7fakesync1",
"52.8.1-0ubuntu0.18.04.1",
"52.9.1-0ubuntu0.18.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-38-0",
"binary_version": "38.8.0~repack1-0ubuntu4"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "mozjs38",
"purl": "pkg:deb/ubuntu/mozjs38@38.8.0~repack1-0ubuntu4?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"38.8.0~repack1-0ubuntu1",
"38.8.0~repack1-0ubuntu3",
"38.8.0~repack1-0ubuntu4"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "firefox",
"binary_version": "91.0+build2-0ubuntu0.20.04.1"
},
{
"binary_name": "firefox-geckodriver",
"binary_version": "91.0+build2-0ubuntu0.20.04.1"
},
{
"binary_name": "firefox-mozsymbols",
"binary_version": "91.0+build2-0ubuntu0.20.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "firefox",
"purl": "pkg:deb/ubuntu/firefox@91.0+build2-0ubuntu0.20.04.1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "91.0+build2-0ubuntu0.20.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"69.0.3+build1-0ubuntu1",
"70.0+build2-0ubuntu1",
"70.0+build2-0ubuntu2",
"70.0.1+build1-0ubuntu2",
"71.0+build2-0ubuntu2",
"71.0+build5-0ubuntu1",
"72.0.1+build1-0ubuntu1",
"72.0.2+build1-0ubuntu1",
"73.0+build1-0ubuntu1",
"73.0+build2-0ubuntu1",
"73.0+build3-0ubuntu1",
"73.0.1+build1-0ubuntu1",
"74.0+build1-0ubuntu1",
"74.0+build2-0ubuntu1",
"74.0+build2-0ubuntu2",
"74.0+build3-0ubuntu1",
"75.0+build3-0ubuntu1",
"76.0+build2-0ubuntu0.20.04.1",
"76.0.1+build1-0ubuntu0.20.04.1",
"77.0.1+build1-0ubuntu0.20.04.1",
"78.0.1+build1-0ubuntu0.20.04.1",
"78.0.2+build2-0ubuntu0.20.04.1",
"79.0+build1-0ubuntu0.20.04.1",
"80.0+build2-0ubuntu0.20.04.1",
"80.0.1+build1-0ubuntu0.20.04.1",
"81.0+build2-0ubuntu0.20.04.1",
"81.0.2+build1-0ubuntu0.20.04.1",
"82.0+build2-0ubuntu0.20.04.1",
"82.0.2+build1-0ubuntu0.20.04.1",
"82.0.3+build1-0ubuntu0.20.04.1",
"83.0+build2-0ubuntu0.20.04.1",
"84.0+build3-0ubuntu0.20.04.1",
"84.0.1+build1-0ubuntu0.20.04.1",
"84.0.2+build1-0ubuntu0.20.04.1",
"85.0+build1-0ubuntu0.20.04.1",
"85.0.1+build1-0ubuntu0.20.04.1",
"86.0+build3-0ubuntu0.20.04.1",
"86.0.1+build1-0ubuntu0.20.04.1",
"87.0+build3-0ubuntu0.20.04.2",
"88.0+build2-0ubuntu0.20.04.1",
"88.0.1+build1-0ubuntu0.20.04.2",
"89.0+build2-0ubuntu0.20.04.2",
"89.0.1+build1-0ubuntu0.20.04.1",
"89.0.2+build1-0ubuntu0.20.04.1",
"90.0+build1-0ubuntu0.20.04.1",
"90.0.2+build1-0ubuntu0.20.04.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "thunderbird",
"binary_version": "1:78.13.0+build1-0ubuntu0.20.04.2"
},
{
"binary_name": "thunderbird-gnome-support",
"binary_version": "1:78.13.0+build1-0ubuntu0.20.04.2"
},
{
"binary_name": "thunderbird-mozsymbols",
"binary_version": "1:78.13.0+build1-0ubuntu0.20.04.2"
},
{
"binary_name": "xul-ext-calendar-timezones",
"binary_version": "1:78.13.0+build1-0ubuntu0.20.04.2"
},
{
"binary_name": "xul-ext-gdata-provider",
"binary_version": "1:78.13.0+build1-0ubuntu0.20.04.2"
},
{
"binary_name": "xul-ext-lightning",
"binary_version": "1:78.13.0+build1-0ubuntu0.20.04.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "thunderbird",
"purl": "pkg:deb/ubuntu/thunderbird@1:78.13.0+build1-0ubuntu0.20.04.2?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:78.13.0+build1-0ubuntu0.20.04.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:68.1.2+build1-0ubuntu1",
"1:68.1.2+build1-0ubuntu2",
"1:68.2.1+build1-0ubuntu1",
"1:68.2.2+build1-0ubuntu1",
"1:68.3.0+build2-0ubuntu1",
"1:68.3.1+build1-0ubuntu2",
"1:68.4.1+build1-0ubuntu1",
"1:68.4.2+build2-0ubuntu1",
"1:68.5.0+build1-0ubuntu1",
"1:68.6.0+build2-0ubuntu1",
"1:68.7.0+build1-0ubuntu1",
"1:68.7.0+build1-0ubuntu2",
"1:68.8.0+build2-0ubuntu0.20.04.2",
"1:68.10.0+build1-0ubuntu0.20.04.1",
"1:78.7.1+build1-0ubuntu0.20.04.1",
"1:78.8.1+build1-0ubuntu0.20.04.1",
"1:78.11.0+build1-0ubuntu0.20.04.2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-68-0",
"binary_version": "68.6.0-1ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "mozjs68",
"purl": "pkg:deb/ubuntu/mozjs68@68.6.0-1ubuntu1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"68.5.0-1~fakesync",
"68.5.0-2~fakesync",
"68.6.0-1",
"68.6.0-1ubuntu1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-52-0",
"binary_version": "52.9.1-1ubuntu3"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "mozjs52",
"purl": "pkg:deb/ubuntu/mozjs52@52.9.1-1ubuntu3?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"52.9.1-1build1",
"52.9.1-1ubuntu3"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-78-0",
"binary_version": "78.15.0-4ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "mozjs78",
"purl": "pkg:deb/ubuntu/mozjs78@78.15.0-4ubuntu1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"78.13.0-1",
"78.15.0-2",
"78.15.0-4ubuntu1"
]
}
],
"aliases": [],
"details": "Uninitialized memory in a canvas object could have caused an incorrect free() leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 78.13, Thunderbird \u003c 91, Firefox ESR \u003c 78.13, and Firefox \u003c 91.",
"id": "UBUNTU-CVE-2021-29980",
"modified": "2026-04-22T07:40:00Z",
"published": "2021-08-11T00:00:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-29980"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-33/#CVE-2021-29980"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-34/#CVE-2021-29980"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-5037-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-5058-1"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29980"
}
],
"related": [
"USN-5037-1",
"USN-5058-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2021-29980"
]
}
ubuntu-cve-2021-29984
Vulnerability from osv_ubuntu
Instruction reordering resulted in a sequence of instructions that would cause an object to be incorrectly considered during garbage collection. This led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91.
| URL | Type | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"affected": [
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "firefox",
"binary_version": "91.0+build2-0ubuntu0.18.04.1"
},
{
"binary_name": "firefox-geckodriver",
"binary_version": "91.0+build2-0ubuntu0.18.04.1"
},
{
"binary_name": "firefox-mozsymbols",
"binary_version": "91.0+build2-0ubuntu0.18.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "firefox",
"purl": "pkg:deb/ubuntu/firefox@91.0+build2-0ubuntu0.18.04.1?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "91.0+build2-0ubuntu0.18.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"56.0+build6-0ubuntu1",
"57.0.1+build2-0ubuntu1",
"59.0.1+build1-0ubuntu1",
"59.0.2+build1-0ubuntu1",
"60.0+build2-0ubuntu1",
"60.0.1+build2-0ubuntu0.18.04.1",
"60.0.2+build1-0ubuntu0.18.04.1",
"61.0+build3-0ubuntu0.18.04.1",
"61.0.1+build1-0ubuntu0.18.04.1",
"62.0+build2-0ubuntu0.18.04.3",
"62.0+build2-0ubuntu0.18.04.4",
"62.0+build2-0ubuntu0.18.04.5",
"62.0.3+build1-0ubuntu0.18.04.1",
"63.0+build2-0ubuntu0.18.04.2",
"63.0.3+build1-0ubuntu0.18.04.1",
"64.0+build3-0ubuntu0.18.04.1",
"65.0+build2-0ubuntu0.18.04.1",
"65.0.1+build2-0ubuntu0.18.04.1",
"66.0+build3-0ubuntu0.18.04.1",
"66.0.1+build1-0ubuntu0.18.04.1",
"66.0.2+build1-0ubuntu0.18.04.1",
"66.0.3+build1-0ubuntu0.18.04.1",
"66.0.4+build3-0ubuntu0.18.04.1",
"66.0.5+build1-0ubuntu0.18.04.1",
"67.0+build2-0ubuntu0.18.04.1",
"67.0.1+build1-0ubuntu0.18.04.1",
"67.0.2+build2-0ubuntu0.18.04.1",
"67.0.3+build1-0ubuntu0.18.04.1",
"67.0.4+build1-0ubuntu0.18.04.1",
"68.0+build3-0ubuntu0.18.04.1",
"68.0.1+build1-0ubuntu0.18.04.1",
"68.0.2+build1-0ubuntu0.18.04.1",
"69.0+build2-0ubuntu0.18.04.1",
"69.0.1+build1-0ubuntu0.18.04.1",
"69.0.2+build1-0ubuntu0.18.04.1",
"70.0+build2-0ubuntu0.18.04.1",
"70.0.1+build1-0ubuntu0.18.04.1",
"71.0+build5-0ubuntu0.18.04.1",
"72.0.1+build1-0ubuntu0.18.04.1",
"72.0.2+build1-0ubuntu0.18.04.1",
"73.0+build3-0ubuntu0.18.04.1",
"73.0.1+build1-0ubuntu0.18.04.1",
"74.0+build3-0ubuntu0.18.04.1",
"74.0.1+build1-0ubuntu0.18.04.1",
"75.0+build3-0ubuntu0.18.04.1",
"76.0+build2-0ubuntu0.18.04.1",
"76.0.1+build1-0ubuntu0.18.04.1",
"77.0.1+build1-0ubuntu0.18.04.1",
"78.0.1+build1-0ubuntu0.18.04.1",
"78.0.2+build2-0ubuntu0.18.04.1",
"79.0+build1-0ubuntu0.18.04.1",
"80.0+build2-0ubuntu0.18.04.1",
"80.0.1+build1-0ubuntu0.18.04.1",
"81.0+build2-0ubuntu0.18.04.1",
"81.0.2+build1-0ubuntu0.18.04.1",
"82.0+build2-0ubuntu0.18.04.1",
"82.0.2+build1-0ubuntu0.18.04.1",
"82.0.3+build1-0ubuntu0.18.04.1",
"83.0+build2-0ubuntu0.18.04.2",
"84.0+build3-0ubuntu0.18.04.1",
"84.0.1+build1-0ubuntu0.18.04.1",
"84.0.2+build1-0ubuntu0.18.04.1",
"85.0+build1-0ubuntu0.18.04.1",
"85.0.1+build1-0ubuntu0.18.04.1",
"86.0+build3-0ubuntu0.18.04.1",
"86.0.1+build1-0ubuntu0.18.04.1",
"87.0+build3-0ubuntu0.18.04.2",
"88.0+build2-0ubuntu0.18.04.2",
"88.0.1+build1-0ubuntu0.18.04.2",
"89.0+build2-0ubuntu0.18.04.2",
"89.0.1+build1-0ubuntu0.18.04.1",
"89.0.2+build1-0ubuntu0.18.04.1",
"90.0+build1-0ubuntu0.18.04.1",
"90.0.2+build1-0ubuntu0.18.04.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "thunderbird",
"binary_version": "1:78.13.0+build1-0ubuntu0.18.04.1"
},
{
"binary_name": "thunderbird-gnome-support",
"binary_version": "1:78.13.0+build1-0ubuntu0.18.04.1"
},
{
"binary_name": "thunderbird-mozsymbols",
"binary_version": "1:78.13.0+build1-0ubuntu0.18.04.1"
},
{
"binary_name": "xul-ext-calendar-timezones",
"binary_version": "1:78.13.0+build1-0ubuntu0.18.04.1"
},
{
"binary_name": "xul-ext-gdata-provider",
"binary_version": "1:78.13.0+build1-0ubuntu0.18.04.1"
},
{
"binary_name": "xul-ext-lightning",
"binary_version": "1:78.13.0+build1-0ubuntu0.18.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "thunderbird",
"purl": "pkg:deb/ubuntu/thunderbird@1:78.13.0+build1-0ubuntu0.18.04.1?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:78.13.0+build1-0ubuntu0.18.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:52.4.0+build1-0ubuntu2",
"1:52.6.0+build1-0ubuntu1",
"1:52.7.0+build1-0ubuntu1",
"1:52.8.0+build1-0ubuntu0.18.04.1",
"1:52.9.1+build3-0ubuntu0.18.04.1",
"1:60.2.1+build1-0ubuntu0.18.04.2",
"1:60.4.0+build2-0ubuntu0.18.04.1",
"1:60.5.1+build2-0ubuntu0.18.04.1",
"1:60.6.1+build2-0ubuntu0.18.04.1",
"1:60.7.0+build1-0ubuntu0.18.04.1",
"1:60.7.1+build1-0ubuntu0.18.04.1",
"1:60.7.2+build2-0ubuntu0.18.04.1",
"1:60.8.0+build1-0ubuntu0.18.04.1",
"1:60.9.0+build1-0ubuntu0.18.04.1",
"1:68.2.1+build1-0ubuntu0.18.04.1",
"1:68.2.2+build1-0ubuntu0.18.04.1",
"1:68.4.1+build1-0ubuntu0.18.04.1",
"1:68.7.0+build1-0ubuntu0.18.04.1",
"1:68.8.0+build2-0ubuntu0.18.04.2",
"1:68.10.0+build1-0ubuntu0.18.04.1",
"1:78.8.1+build1-0ubuntu0.18.04.1",
"1:78.11.0+build1-0ubuntu0.18.04.2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-52-0",
"binary_version": "52.9.1-0ubuntu0.18.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "mozjs52",
"purl": "pkg:deb/ubuntu/mozjs52@52.9.1-0ubuntu0.18.04.1?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"52.3.1-0ubuntu3",
"52.3.1-7fakesync1",
"52.8.1-0ubuntu0.18.04.1",
"52.9.1-0ubuntu0.18.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-38-0",
"binary_version": "38.8.0~repack1-0ubuntu4"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "mozjs38",
"purl": "pkg:deb/ubuntu/mozjs38@38.8.0~repack1-0ubuntu4?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"38.8.0~repack1-0ubuntu1",
"38.8.0~repack1-0ubuntu3",
"38.8.0~repack1-0ubuntu4"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "firefox",
"binary_version": "91.0+build2-0ubuntu0.20.04.1"
},
{
"binary_name": "firefox-geckodriver",
"binary_version": "91.0+build2-0ubuntu0.20.04.1"
},
{
"binary_name": "firefox-mozsymbols",
"binary_version": "91.0+build2-0ubuntu0.20.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "firefox",
"purl": "pkg:deb/ubuntu/firefox@91.0+build2-0ubuntu0.20.04.1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "91.0+build2-0ubuntu0.20.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"69.0.3+build1-0ubuntu1",
"70.0+build2-0ubuntu1",
"70.0+build2-0ubuntu2",
"70.0.1+build1-0ubuntu2",
"71.0+build2-0ubuntu2",
"71.0+build5-0ubuntu1",
"72.0.1+build1-0ubuntu1",
"72.0.2+build1-0ubuntu1",
"73.0+build1-0ubuntu1",
"73.0+build2-0ubuntu1",
"73.0+build3-0ubuntu1",
"73.0.1+build1-0ubuntu1",
"74.0+build1-0ubuntu1",
"74.0+build2-0ubuntu1",
"74.0+build2-0ubuntu2",
"74.0+build3-0ubuntu1",
"75.0+build3-0ubuntu1",
"76.0+build2-0ubuntu0.20.04.1",
"76.0.1+build1-0ubuntu0.20.04.1",
"77.0.1+build1-0ubuntu0.20.04.1",
"78.0.1+build1-0ubuntu0.20.04.1",
"78.0.2+build2-0ubuntu0.20.04.1",
"79.0+build1-0ubuntu0.20.04.1",
"80.0+build2-0ubuntu0.20.04.1",
"80.0.1+build1-0ubuntu0.20.04.1",
"81.0+build2-0ubuntu0.20.04.1",
"81.0.2+build1-0ubuntu0.20.04.1",
"82.0+build2-0ubuntu0.20.04.1",
"82.0.2+build1-0ubuntu0.20.04.1",
"82.0.3+build1-0ubuntu0.20.04.1",
"83.0+build2-0ubuntu0.20.04.1",
"84.0+build3-0ubuntu0.20.04.1",
"84.0.1+build1-0ubuntu0.20.04.1",
"84.0.2+build1-0ubuntu0.20.04.1",
"85.0+build1-0ubuntu0.20.04.1",
"85.0.1+build1-0ubuntu0.20.04.1",
"86.0+build3-0ubuntu0.20.04.1",
"86.0.1+build1-0ubuntu0.20.04.1",
"87.0+build3-0ubuntu0.20.04.2",
"88.0+build2-0ubuntu0.20.04.1",
"88.0.1+build1-0ubuntu0.20.04.2",
"89.0+build2-0ubuntu0.20.04.2",
"89.0.1+build1-0ubuntu0.20.04.1",
"89.0.2+build1-0ubuntu0.20.04.1",
"90.0+build1-0ubuntu0.20.04.1",
"90.0.2+build1-0ubuntu0.20.04.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "thunderbird",
"binary_version": "1:78.13.0+build1-0ubuntu0.20.04.2"
},
{
"binary_name": "thunderbird-gnome-support",
"binary_version": "1:78.13.0+build1-0ubuntu0.20.04.2"
},
{
"binary_name": "thunderbird-mozsymbols",
"binary_version": "1:78.13.0+build1-0ubuntu0.20.04.2"
},
{
"binary_name": "xul-ext-calendar-timezones",
"binary_version": "1:78.13.0+build1-0ubuntu0.20.04.2"
},
{
"binary_name": "xul-ext-gdata-provider",
"binary_version": "1:78.13.0+build1-0ubuntu0.20.04.2"
},
{
"binary_name": "xul-ext-lightning",
"binary_version": "1:78.13.0+build1-0ubuntu0.20.04.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "thunderbird",
"purl": "pkg:deb/ubuntu/thunderbird@1:78.13.0+build1-0ubuntu0.20.04.2?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:78.13.0+build1-0ubuntu0.20.04.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:68.1.2+build1-0ubuntu1",
"1:68.1.2+build1-0ubuntu2",
"1:68.2.1+build1-0ubuntu1",
"1:68.2.2+build1-0ubuntu1",
"1:68.3.0+build2-0ubuntu1",
"1:68.3.1+build1-0ubuntu2",
"1:68.4.1+build1-0ubuntu1",
"1:68.4.2+build2-0ubuntu1",
"1:68.5.0+build1-0ubuntu1",
"1:68.6.0+build2-0ubuntu1",
"1:68.7.0+build1-0ubuntu1",
"1:68.7.0+build1-0ubuntu2",
"1:68.8.0+build2-0ubuntu0.20.04.2",
"1:68.10.0+build1-0ubuntu0.20.04.1",
"1:78.7.1+build1-0ubuntu0.20.04.1",
"1:78.8.1+build1-0ubuntu0.20.04.1",
"1:78.11.0+build1-0ubuntu0.20.04.2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-68-0",
"binary_version": "68.6.0-1ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "mozjs68",
"purl": "pkg:deb/ubuntu/mozjs68@68.6.0-1ubuntu1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"68.5.0-1~fakesync",
"68.5.0-2~fakesync",
"68.6.0-1",
"68.6.0-1ubuntu1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-52-0",
"binary_version": "52.9.1-1ubuntu3"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "mozjs52",
"purl": "pkg:deb/ubuntu/mozjs52@52.9.1-1ubuntu3?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"52.9.1-1build1",
"52.9.1-1ubuntu3"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-78-0",
"binary_version": "78.15.0-4ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "mozjs78",
"purl": "pkg:deb/ubuntu/mozjs78@78.15.0-4ubuntu1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"78.13.0-1",
"78.15.0-2",
"78.15.0-4ubuntu1"
]
}
],
"aliases": [],
"details": "Instruction reordering resulted in a sequence of instructions that would cause an object to be incorrectly considered during garbage collection. This led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 78.13, Thunderbird \u003c 91, Firefox ESR \u003c 78.13, and Firefox \u003c 91.",
"id": "UBUNTU-CVE-2021-29984",
"modified": "2026-04-22T07:40:00Z",
"published": "2021-08-11T00:00:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-29984"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-33/#CVE-2021-29984"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-34/#CVE-2021-29984"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-5037-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-5058-1"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29984"
}
],
"related": [
"USN-5037-1",
"USN-5058-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2021-29984"
]
}
ubuntu-cve-2021-29985
Vulnerability from osv_ubuntu
A use-after-free vulnerability in media channels could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91.
| URL | Type | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"affected": [
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "firefox",
"binary_version": "91.0+build2-0ubuntu0.18.04.1"
},
{
"binary_name": "firefox-geckodriver",
"binary_version": "91.0+build2-0ubuntu0.18.04.1"
},
{
"binary_name": "firefox-mozsymbols",
"binary_version": "91.0+build2-0ubuntu0.18.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "firefox",
"purl": "pkg:deb/ubuntu/firefox@91.0+build2-0ubuntu0.18.04.1?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "91.0+build2-0ubuntu0.18.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"56.0+build6-0ubuntu1",
"57.0.1+build2-0ubuntu1",
"59.0.1+build1-0ubuntu1",
"59.0.2+build1-0ubuntu1",
"60.0+build2-0ubuntu1",
"60.0.1+build2-0ubuntu0.18.04.1",
"60.0.2+build1-0ubuntu0.18.04.1",
"61.0+build3-0ubuntu0.18.04.1",
"61.0.1+build1-0ubuntu0.18.04.1",
"62.0+build2-0ubuntu0.18.04.3",
"62.0+build2-0ubuntu0.18.04.4",
"62.0+build2-0ubuntu0.18.04.5",
"62.0.3+build1-0ubuntu0.18.04.1",
"63.0+build2-0ubuntu0.18.04.2",
"63.0.3+build1-0ubuntu0.18.04.1",
"64.0+build3-0ubuntu0.18.04.1",
"65.0+build2-0ubuntu0.18.04.1",
"65.0.1+build2-0ubuntu0.18.04.1",
"66.0+build3-0ubuntu0.18.04.1",
"66.0.1+build1-0ubuntu0.18.04.1",
"66.0.2+build1-0ubuntu0.18.04.1",
"66.0.3+build1-0ubuntu0.18.04.1",
"66.0.4+build3-0ubuntu0.18.04.1",
"66.0.5+build1-0ubuntu0.18.04.1",
"67.0+build2-0ubuntu0.18.04.1",
"67.0.1+build1-0ubuntu0.18.04.1",
"67.0.2+build2-0ubuntu0.18.04.1",
"67.0.3+build1-0ubuntu0.18.04.1",
"67.0.4+build1-0ubuntu0.18.04.1",
"68.0+build3-0ubuntu0.18.04.1",
"68.0.1+build1-0ubuntu0.18.04.1",
"68.0.2+build1-0ubuntu0.18.04.1",
"69.0+build2-0ubuntu0.18.04.1",
"69.0.1+build1-0ubuntu0.18.04.1",
"69.0.2+build1-0ubuntu0.18.04.1",
"70.0+build2-0ubuntu0.18.04.1",
"70.0.1+build1-0ubuntu0.18.04.1",
"71.0+build5-0ubuntu0.18.04.1",
"72.0.1+build1-0ubuntu0.18.04.1",
"72.0.2+build1-0ubuntu0.18.04.1",
"73.0+build3-0ubuntu0.18.04.1",
"73.0.1+build1-0ubuntu0.18.04.1",
"74.0+build3-0ubuntu0.18.04.1",
"74.0.1+build1-0ubuntu0.18.04.1",
"75.0+build3-0ubuntu0.18.04.1",
"76.0+build2-0ubuntu0.18.04.1",
"76.0.1+build1-0ubuntu0.18.04.1",
"77.0.1+build1-0ubuntu0.18.04.1",
"78.0.1+build1-0ubuntu0.18.04.1",
"78.0.2+build2-0ubuntu0.18.04.1",
"79.0+build1-0ubuntu0.18.04.1",
"80.0+build2-0ubuntu0.18.04.1",
"80.0.1+build1-0ubuntu0.18.04.1",
"81.0+build2-0ubuntu0.18.04.1",
"81.0.2+build1-0ubuntu0.18.04.1",
"82.0+build2-0ubuntu0.18.04.1",
"82.0.2+build1-0ubuntu0.18.04.1",
"82.0.3+build1-0ubuntu0.18.04.1",
"83.0+build2-0ubuntu0.18.04.2",
"84.0+build3-0ubuntu0.18.04.1",
"84.0.1+build1-0ubuntu0.18.04.1",
"84.0.2+build1-0ubuntu0.18.04.1",
"85.0+build1-0ubuntu0.18.04.1",
"85.0.1+build1-0ubuntu0.18.04.1",
"86.0+build3-0ubuntu0.18.04.1",
"86.0.1+build1-0ubuntu0.18.04.1",
"87.0+build3-0ubuntu0.18.04.2",
"88.0+build2-0ubuntu0.18.04.2",
"88.0.1+build1-0ubuntu0.18.04.2",
"89.0+build2-0ubuntu0.18.04.2",
"89.0.1+build1-0ubuntu0.18.04.1",
"89.0.2+build1-0ubuntu0.18.04.1",
"90.0+build1-0ubuntu0.18.04.1",
"90.0.2+build1-0ubuntu0.18.04.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "thunderbird",
"binary_version": "1:78.13.0+build1-0ubuntu0.18.04.1"
},
{
"binary_name": "thunderbird-gnome-support",
"binary_version": "1:78.13.0+build1-0ubuntu0.18.04.1"
},
{
"binary_name": "thunderbird-mozsymbols",
"binary_version": "1:78.13.0+build1-0ubuntu0.18.04.1"
},
{
"binary_name": "xul-ext-calendar-timezones",
"binary_version": "1:78.13.0+build1-0ubuntu0.18.04.1"
},
{
"binary_name": "xul-ext-gdata-provider",
"binary_version": "1:78.13.0+build1-0ubuntu0.18.04.1"
},
{
"binary_name": "xul-ext-lightning",
"binary_version": "1:78.13.0+build1-0ubuntu0.18.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "thunderbird",
"purl": "pkg:deb/ubuntu/thunderbird@1:78.13.0+build1-0ubuntu0.18.04.1?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:78.13.0+build1-0ubuntu0.18.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:52.4.0+build1-0ubuntu2",
"1:52.6.0+build1-0ubuntu1",
"1:52.7.0+build1-0ubuntu1",
"1:52.8.0+build1-0ubuntu0.18.04.1",
"1:52.9.1+build3-0ubuntu0.18.04.1",
"1:60.2.1+build1-0ubuntu0.18.04.2",
"1:60.4.0+build2-0ubuntu0.18.04.1",
"1:60.5.1+build2-0ubuntu0.18.04.1",
"1:60.6.1+build2-0ubuntu0.18.04.1",
"1:60.7.0+build1-0ubuntu0.18.04.1",
"1:60.7.1+build1-0ubuntu0.18.04.1",
"1:60.7.2+build2-0ubuntu0.18.04.1",
"1:60.8.0+build1-0ubuntu0.18.04.1",
"1:60.9.0+build1-0ubuntu0.18.04.1",
"1:68.2.1+build1-0ubuntu0.18.04.1",
"1:68.2.2+build1-0ubuntu0.18.04.1",
"1:68.4.1+build1-0ubuntu0.18.04.1",
"1:68.7.0+build1-0ubuntu0.18.04.1",
"1:68.8.0+build2-0ubuntu0.18.04.2",
"1:68.10.0+build1-0ubuntu0.18.04.1",
"1:78.8.1+build1-0ubuntu0.18.04.1",
"1:78.11.0+build1-0ubuntu0.18.04.2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-52-0",
"binary_version": "52.9.1-0ubuntu0.18.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "mozjs52",
"purl": "pkg:deb/ubuntu/mozjs52@52.9.1-0ubuntu0.18.04.1?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"52.3.1-0ubuntu3",
"52.3.1-7fakesync1",
"52.8.1-0ubuntu0.18.04.1",
"52.9.1-0ubuntu0.18.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-38-0",
"binary_version": "38.8.0~repack1-0ubuntu4"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "mozjs38",
"purl": "pkg:deb/ubuntu/mozjs38@38.8.0~repack1-0ubuntu4?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"38.8.0~repack1-0ubuntu1",
"38.8.0~repack1-0ubuntu3",
"38.8.0~repack1-0ubuntu4"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "firefox",
"binary_version": "91.0+build2-0ubuntu0.20.04.1"
},
{
"binary_name": "firefox-geckodriver",
"binary_version": "91.0+build2-0ubuntu0.20.04.1"
},
{
"binary_name": "firefox-mozsymbols",
"binary_version": "91.0+build2-0ubuntu0.20.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "firefox",
"purl": "pkg:deb/ubuntu/firefox@91.0+build2-0ubuntu0.20.04.1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "91.0+build2-0ubuntu0.20.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"69.0.3+build1-0ubuntu1",
"70.0+build2-0ubuntu1",
"70.0+build2-0ubuntu2",
"70.0.1+build1-0ubuntu2",
"71.0+build2-0ubuntu2",
"71.0+build5-0ubuntu1",
"72.0.1+build1-0ubuntu1",
"72.0.2+build1-0ubuntu1",
"73.0+build1-0ubuntu1",
"73.0+build2-0ubuntu1",
"73.0+build3-0ubuntu1",
"73.0.1+build1-0ubuntu1",
"74.0+build1-0ubuntu1",
"74.0+build2-0ubuntu1",
"74.0+build2-0ubuntu2",
"74.0+build3-0ubuntu1",
"75.0+build3-0ubuntu1",
"76.0+build2-0ubuntu0.20.04.1",
"76.0.1+build1-0ubuntu0.20.04.1",
"77.0.1+build1-0ubuntu0.20.04.1",
"78.0.1+build1-0ubuntu0.20.04.1",
"78.0.2+build2-0ubuntu0.20.04.1",
"79.0+build1-0ubuntu0.20.04.1",
"80.0+build2-0ubuntu0.20.04.1",
"80.0.1+build1-0ubuntu0.20.04.1",
"81.0+build2-0ubuntu0.20.04.1",
"81.0.2+build1-0ubuntu0.20.04.1",
"82.0+build2-0ubuntu0.20.04.1",
"82.0.2+build1-0ubuntu0.20.04.1",
"82.0.3+build1-0ubuntu0.20.04.1",
"83.0+build2-0ubuntu0.20.04.1",
"84.0+build3-0ubuntu0.20.04.1",
"84.0.1+build1-0ubuntu0.20.04.1",
"84.0.2+build1-0ubuntu0.20.04.1",
"85.0+build1-0ubuntu0.20.04.1",
"85.0.1+build1-0ubuntu0.20.04.1",
"86.0+build3-0ubuntu0.20.04.1",
"86.0.1+build1-0ubuntu0.20.04.1",
"87.0+build3-0ubuntu0.20.04.2",
"88.0+build2-0ubuntu0.20.04.1",
"88.0.1+build1-0ubuntu0.20.04.2",
"89.0+build2-0ubuntu0.20.04.2",
"89.0.1+build1-0ubuntu0.20.04.1",
"89.0.2+build1-0ubuntu0.20.04.1",
"90.0+build1-0ubuntu0.20.04.1",
"90.0.2+build1-0ubuntu0.20.04.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "thunderbird",
"binary_version": "1:78.13.0+build1-0ubuntu0.20.04.2"
},
{
"binary_name": "thunderbird-gnome-support",
"binary_version": "1:78.13.0+build1-0ubuntu0.20.04.2"
},
{
"binary_name": "thunderbird-mozsymbols",
"binary_version": "1:78.13.0+build1-0ubuntu0.20.04.2"
},
{
"binary_name": "xul-ext-calendar-timezones",
"binary_version": "1:78.13.0+build1-0ubuntu0.20.04.2"
},
{
"binary_name": "xul-ext-gdata-provider",
"binary_version": "1:78.13.0+build1-0ubuntu0.20.04.2"
},
{
"binary_name": "xul-ext-lightning",
"binary_version": "1:78.13.0+build1-0ubuntu0.20.04.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "thunderbird",
"purl": "pkg:deb/ubuntu/thunderbird@1:78.13.0+build1-0ubuntu0.20.04.2?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:78.13.0+build1-0ubuntu0.20.04.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:68.1.2+build1-0ubuntu1",
"1:68.1.2+build1-0ubuntu2",
"1:68.2.1+build1-0ubuntu1",
"1:68.2.2+build1-0ubuntu1",
"1:68.3.0+build2-0ubuntu1",
"1:68.3.1+build1-0ubuntu2",
"1:68.4.1+build1-0ubuntu1",
"1:68.4.2+build2-0ubuntu1",
"1:68.5.0+build1-0ubuntu1",
"1:68.6.0+build2-0ubuntu1",
"1:68.7.0+build1-0ubuntu1",
"1:68.7.0+build1-0ubuntu2",
"1:68.8.0+build2-0ubuntu0.20.04.2",
"1:68.10.0+build1-0ubuntu0.20.04.1",
"1:78.7.1+build1-0ubuntu0.20.04.1",
"1:78.8.1+build1-0ubuntu0.20.04.1",
"1:78.11.0+build1-0ubuntu0.20.04.2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-68-0",
"binary_version": "68.6.0-1ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "mozjs68",
"purl": "pkg:deb/ubuntu/mozjs68@68.6.0-1ubuntu1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"68.5.0-1~fakesync",
"68.5.0-2~fakesync",
"68.6.0-1",
"68.6.0-1ubuntu1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-52-0",
"binary_version": "52.9.1-1ubuntu3"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "mozjs52",
"purl": "pkg:deb/ubuntu/mozjs52@52.9.1-1ubuntu3?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"52.9.1-1build1",
"52.9.1-1ubuntu3"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-78-0",
"binary_version": "78.15.0-4ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "mozjs78",
"purl": "pkg:deb/ubuntu/mozjs78@78.15.0-4ubuntu1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"78.13.0-1",
"78.15.0-2",
"78.15.0-4ubuntu1"
]
}
],
"aliases": [],
"details": "A use-after-free vulnerability in media channels could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 78.13, Thunderbird \u003c 91, Firefox ESR \u003c 78.13, and Firefox \u003c 91.",
"id": "UBUNTU-CVE-2021-29985",
"modified": "2026-04-22T07:40:00Z",
"published": "2021-08-11T00:00:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-29985"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-33/#CVE-2021-29985"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-34/#CVE-2021-29985"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-5037-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-5058-1"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29985"
}
],
"related": [
"USN-5037-1",
"USN-5058-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2021-29985"
]
}
ubuntu-cve-2021-29986
Vulnerability from osv_ubuntu
A suspected race condition when calling getaddrinfo led to memory corruption and a potentially exploitable crash. Note: This issue only affected Linux operating systems. Other operating systems are unaffected. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91.
| URL | Type | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"affected": [
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "firefox",
"binary_version": "91.0+build2-0ubuntu0.18.04.1"
},
{
"binary_name": "firefox-geckodriver",
"binary_version": "91.0+build2-0ubuntu0.18.04.1"
},
{
"binary_name": "firefox-mozsymbols",
"binary_version": "91.0+build2-0ubuntu0.18.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "firefox",
"purl": "pkg:deb/ubuntu/firefox@91.0+build2-0ubuntu0.18.04.1?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "91.0+build2-0ubuntu0.18.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"56.0+build6-0ubuntu1",
"57.0.1+build2-0ubuntu1",
"59.0.1+build1-0ubuntu1",
"59.0.2+build1-0ubuntu1",
"60.0+build2-0ubuntu1",
"60.0.1+build2-0ubuntu0.18.04.1",
"60.0.2+build1-0ubuntu0.18.04.1",
"61.0+build3-0ubuntu0.18.04.1",
"61.0.1+build1-0ubuntu0.18.04.1",
"62.0+build2-0ubuntu0.18.04.3",
"62.0+build2-0ubuntu0.18.04.4",
"62.0+build2-0ubuntu0.18.04.5",
"62.0.3+build1-0ubuntu0.18.04.1",
"63.0+build2-0ubuntu0.18.04.2",
"63.0.3+build1-0ubuntu0.18.04.1",
"64.0+build3-0ubuntu0.18.04.1",
"65.0+build2-0ubuntu0.18.04.1",
"65.0.1+build2-0ubuntu0.18.04.1",
"66.0+build3-0ubuntu0.18.04.1",
"66.0.1+build1-0ubuntu0.18.04.1",
"66.0.2+build1-0ubuntu0.18.04.1",
"66.0.3+build1-0ubuntu0.18.04.1",
"66.0.4+build3-0ubuntu0.18.04.1",
"66.0.5+build1-0ubuntu0.18.04.1",
"67.0+build2-0ubuntu0.18.04.1",
"67.0.1+build1-0ubuntu0.18.04.1",
"67.0.2+build2-0ubuntu0.18.04.1",
"67.0.3+build1-0ubuntu0.18.04.1",
"67.0.4+build1-0ubuntu0.18.04.1",
"68.0+build3-0ubuntu0.18.04.1",
"68.0.1+build1-0ubuntu0.18.04.1",
"68.0.2+build1-0ubuntu0.18.04.1",
"69.0+build2-0ubuntu0.18.04.1",
"69.0.1+build1-0ubuntu0.18.04.1",
"69.0.2+build1-0ubuntu0.18.04.1",
"70.0+build2-0ubuntu0.18.04.1",
"70.0.1+build1-0ubuntu0.18.04.1",
"71.0+build5-0ubuntu0.18.04.1",
"72.0.1+build1-0ubuntu0.18.04.1",
"72.0.2+build1-0ubuntu0.18.04.1",
"73.0+build3-0ubuntu0.18.04.1",
"73.0.1+build1-0ubuntu0.18.04.1",
"74.0+build3-0ubuntu0.18.04.1",
"74.0.1+build1-0ubuntu0.18.04.1",
"75.0+build3-0ubuntu0.18.04.1",
"76.0+build2-0ubuntu0.18.04.1",
"76.0.1+build1-0ubuntu0.18.04.1",
"77.0.1+build1-0ubuntu0.18.04.1",
"78.0.1+build1-0ubuntu0.18.04.1",
"78.0.2+build2-0ubuntu0.18.04.1",
"79.0+build1-0ubuntu0.18.04.1",
"80.0+build2-0ubuntu0.18.04.1",
"80.0.1+build1-0ubuntu0.18.04.1",
"81.0+build2-0ubuntu0.18.04.1",
"81.0.2+build1-0ubuntu0.18.04.1",
"82.0+build2-0ubuntu0.18.04.1",
"82.0.2+build1-0ubuntu0.18.04.1",
"82.0.3+build1-0ubuntu0.18.04.1",
"83.0+build2-0ubuntu0.18.04.2",
"84.0+build3-0ubuntu0.18.04.1",
"84.0.1+build1-0ubuntu0.18.04.1",
"84.0.2+build1-0ubuntu0.18.04.1",
"85.0+build1-0ubuntu0.18.04.1",
"85.0.1+build1-0ubuntu0.18.04.1",
"86.0+build3-0ubuntu0.18.04.1",
"86.0.1+build1-0ubuntu0.18.04.1",
"87.0+build3-0ubuntu0.18.04.2",
"88.0+build2-0ubuntu0.18.04.2",
"88.0.1+build1-0ubuntu0.18.04.2",
"89.0+build2-0ubuntu0.18.04.2",
"89.0.1+build1-0ubuntu0.18.04.1",
"89.0.2+build1-0ubuntu0.18.04.1",
"90.0+build1-0ubuntu0.18.04.1",
"90.0.2+build1-0ubuntu0.18.04.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "thunderbird",
"binary_version": "1:78.13.0+build1-0ubuntu0.18.04.1"
},
{
"binary_name": "thunderbird-gnome-support",
"binary_version": "1:78.13.0+build1-0ubuntu0.18.04.1"
},
{
"binary_name": "thunderbird-mozsymbols",
"binary_version": "1:78.13.0+build1-0ubuntu0.18.04.1"
},
{
"binary_name": "xul-ext-calendar-timezones",
"binary_version": "1:78.13.0+build1-0ubuntu0.18.04.1"
},
{
"binary_name": "xul-ext-gdata-provider",
"binary_version": "1:78.13.0+build1-0ubuntu0.18.04.1"
},
{
"binary_name": "xul-ext-lightning",
"binary_version": "1:78.13.0+build1-0ubuntu0.18.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "thunderbird",
"purl": "pkg:deb/ubuntu/thunderbird@1:78.13.0+build1-0ubuntu0.18.04.1?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:78.13.0+build1-0ubuntu0.18.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:52.4.0+build1-0ubuntu2",
"1:52.6.0+build1-0ubuntu1",
"1:52.7.0+build1-0ubuntu1",
"1:52.8.0+build1-0ubuntu0.18.04.1",
"1:52.9.1+build3-0ubuntu0.18.04.1",
"1:60.2.1+build1-0ubuntu0.18.04.2",
"1:60.4.0+build2-0ubuntu0.18.04.1",
"1:60.5.1+build2-0ubuntu0.18.04.1",
"1:60.6.1+build2-0ubuntu0.18.04.1",
"1:60.7.0+build1-0ubuntu0.18.04.1",
"1:60.7.1+build1-0ubuntu0.18.04.1",
"1:60.7.2+build2-0ubuntu0.18.04.1",
"1:60.8.0+build1-0ubuntu0.18.04.1",
"1:60.9.0+build1-0ubuntu0.18.04.1",
"1:68.2.1+build1-0ubuntu0.18.04.1",
"1:68.2.2+build1-0ubuntu0.18.04.1",
"1:68.4.1+build1-0ubuntu0.18.04.1",
"1:68.7.0+build1-0ubuntu0.18.04.1",
"1:68.8.0+build2-0ubuntu0.18.04.2",
"1:68.10.0+build1-0ubuntu0.18.04.1",
"1:78.8.1+build1-0ubuntu0.18.04.1",
"1:78.11.0+build1-0ubuntu0.18.04.2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-52-0",
"binary_version": "52.9.1-0ubuntu0.18.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "mozjs52",
"purl": "pkg:deb/ubuntu/mozjs52@52.9.1-0ubuntu0.18.04.1?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"52.3.1-0ubuntu3",
"52.3.1-7fakesync1",
"52.8.1-0ubuntu0.18.04.1",
"52.9.1-0ubuntu0.18.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-38-0",
"binary_version": "38.8.0~repack1-0ubuntu4"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "mozjs38",
"purl": "pkg:deb/ubuntu/mozjs38@38.8.0~repack1-0ubuntu4?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"38.8.0~repack1-0ubuntu1",
"38.8.0~repack1-0ubuntu3",
"38.8.0~repack1-0ubuntu4"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "firefox",
"binary_version": "91.0+build2-0ubuntu0.20.04.1"
},
{
"binary_name": "firefox-geckodriver",
"binary_version": "91.0+build2-0ubuntu0.20.04.1"
},
{
"binary_name": "firefox-mozsymbols",
"binary_version": "91.0+build2-0ubuntu0.20.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "firefox",
"purl": "pkg:deb/ubuntu/firefox@91.0+build2-0ubuntu0.20.04.1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "91.0+build2-0ubuntu0.20.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"69.0.3+build1-0ubuntu1",
"70.0+build2-0ubuntu1",
"70.0+build2-0ubuntu2",
"70.0.1+build1-0ubuntu2",
"71.0+build2-0ubuntu2",
"71.0+build5-0ubuntu1",
"72.0.1+build1-0ubuntu1",
"72.0.2+build1-0ubuntu1",
"73.0+build1-0ubuntu1",
"73.0+build2-0ubuntu1",
"73.0+build3-0ubuntu1",
"73.0.1+build1-0ubuntu1",
"74.0+build1-0ubuntu1",
"74.0+build2-0ubuntu1",
"74.0+build2-0ubuntu2",
"74.0+build3-0ubuntu1",
"75.0+build3-0ubuntu1",
"76.0+build2-0ubuntu0.20.04.1",
"76.0.1+build1-0ubuntu0.20.04.1",
"77.0.1+build1-0ubuntu0.20.04.1",
"78.0.1+build1-0ubuntu0.20.04.1",
"78.0.2+build2-0ubuntu0.20.04.1",
"79.0+build1-0ubuntu0.20.04.1",
"80.0+build2-0ubuntu0.20.04.1",
"80.0.1+build1-0ubuntu0.20.04.1",
"81.0+build2-0ubuntu0.20.04.1",
"81.0.2+build1-0ubuntu0.20.04.1",
"82.0+build2-0ubuntu0.20.04.1",
"82.0.2+build1-0ubuntu0.20.04.1",
"82.0.3+build1-0ubuntu0.20.04.1",
"83.0+build2-0ubuntu0.20.04.1",
"84.0+build3-0ubuntu0.20.04.1",
"84.0.1+build1-0ubuntu0.20.04.1",
"84.0.2+build1-0ubuntu0.20.04.1",
"85.0+build1-0ubuntu0.20.04.1",
"85.0.1+build1-0ubuntu0.20.04.1",
"86.0+build3-0ubuntu0.20.04.1",
"86.0.1+build1-0ubuntu0.20.04.1",
"87.0+build3-0ubuntu0.20.04.2",
"88.0+build2-0ubuntu0.20.04.1",
"88.0.1+build1-0ubuntu0.20.04.2",
"89.0+build2-0ubuntu0.20.04.2",
"89.0.1+build1-0ubuntu0.20.04.1",
"89.0.2+build1-0ubuntu0.20.04.1",
"90.0+build1-0ubuntu0.20.04.1",
"90.0.2+build1-0ubuntu0.20.04.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "thunderbird",
"binary_version": "1:78.13.0+build1-0ubuntu0.20.04.2"
},
{
"binary_name": "thunderbird-gnome-support",
"binary_version": "1:78.13.0+build1-0ubuntu0.20.04.2"
},
{
"binary_name": "thunderbird-mozsymbols",
"binary_version": "1:78.13.0+build1-0ubuntu0.20.04.2"
},
{
"binary_name": "xul-ext-calendar-timezones",
"binary_version": "1:78.13.0+build1-0ubuntu0.20.04.2"
},
{
"binary_name": "xul-ext-gdata-provider",
"binary_version": "1:78.13.0+build1-0ubuntu0.20.04.2"
},
{
"binary_name": "xul-ext-lightning",
"binary_version": "1:78.13.0+build1-0ubuntu0.20.04.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "thunderbird",
"purl": "pkg:deb/ubuntu/thunderbird@1:78.13.0+build1-0ubuntu0.20.04.2?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:78.13.0+build1-0ubuntu0.20.04.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:68.1.2+build1-0ubuntu1",
"1:68.1.2+build1-0ubuntu2",
"1:68.2.1+build1-0ubuntu1",
"1:68.2.2+build1-0ubuntu1",
"1:68.3.0+build2-0ubuntu1",
"1:68.3.1+build1-0ubuntu2",
"1:68.4.1+build1-0ubuntu1",
"1:68.4.2+build2-0ubuntu1",
"1:68.5.0+build1-0ubuntu1",
"1:68.6.0+build2-0ubuntu1",
"1:68.7.0+build1-0ubuntu1",
"1:68.7.0+build1-0ubuntu2",
"1:68.8.0+build2-0ubuntu0.20.04.2",
"1:68.10.0+build1-0ubuntu0.20.04.1",
"1:78.7.1+build1-0ubuntu0.20.04.1",
"1:78.8.1+build1-0ubuntu0.20.04.1",
"1:78.11.0+build1-0ubuntu0.20.04.2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-68-0",
"binary_version": "68.6.0-1ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "mozjs68",
"purl": "pkg:deb/ubuntu/mozjs68@68.6.0-1ubuntu1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"68.5.0-1~fakesync",
"68.5.0-2~fakesync",
"68.6.0-1",
"68.6.0-1ubuntu1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-52-0",
"binary_version": "52.9.1-1ubuntu3"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "mozjs52",
"purl": "pkg:deb/ubuntu/mozjs52@52.9.1-1ubuntu3?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"52.9.1-1build1",
"52.9.1-1ubuntu3"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-78-0",
"binary_version": "78.15.0-4ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "mozjs78",
"purl": "pkg:deb/ubuntu/mozjs78@78.15.0-4ubuntu1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"78.13.0-1",
"78.15.0-2",
"78.15.0-4ubuntu1"
]
}
],
"aliases": [],
"details": "A suspected race condition when calling getaddrinfo led to memory corruption and a potentially exploitable crash. *Note: This issue only affected Linux operating systems. Other operating systems are unaffected.* This vulnerability affects Thunderbird \u003c 78.13, Thunderbird \u003c 91, Firefox ESR \u003c 78.13, and Firefox \u003c 91.",
"id": "UBUNTU-CVE-2021-29986",
"modified": "2026-04-22T07:40:00Z",
"published": "2021-08-11T00:00:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-29986"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-33/#CVE-2021-29986"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-34/#CVE-2021-29986"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-5037-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-5058-1"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29986"
}
],
"related": [
"USN-5037-1",
"USN-5058-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2021-29986"
]
}
ubuntu-cve-2021-29988
Vulnerability from osv_ubuntu
Firefox incorrectly treated an inline list-item element as a block element, resulting in an out of bounds read or memory corruption, and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91.
| URL | Type | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"affected": [
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "firefox",
"binary_version": "91.0+build2-0ubuntu0.18.04.1"
},
{
"binary_name": "firefox-geckodriver",
"binary_version": "91.0+build2-0ubuntu0.18.04.1"
},
{
"binary_name": "firefox-mozsymbols",
"binary_version": "91.0+build2-0ubuntu0.18.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "firefox",
"purl": "pkg:deb/ubuntu/firefox@91.0+build2-0ubuntu0.18.04.1?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "91.0+build2-0ubuntu0.18.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"56.0+build6-0ubuntu1",
"57.0.1+build2-0ubuntu1",
"59.0.1+build1-0ubuntu1",
"59.0.2+build1-0ubuntu1",
"60.0+build2-0ubuntu1",
"60.0.1+build2-0ubuntu0.18.04.1",
"60.0.2+build1-0ubuntu0.18.04.1",
"61.0+build3-0ubuntu0.18.04.1",
"61.0.1+build1-0ubuntu0.18.04.1",
"62.0+build2-0ubuntu0.18.04.3",
"62.0+build2-0ubuntu0.18.04.4",
"62.0+build2-0ubuntu0.18.04.5",
"62.0.3+build1-0ubuntu0.18.04.1",
"63.0+build2-0ubuntu0.18.04.2",
"63.0.3+build1-0ubuntu0.18.04.1",
"64.0+build3-0ubuntu0.18.04.1",
"65.0+build2-0ubuntu0.18.04.1",
"65.0.1+build2-0ubuntu0.18.04.1",
"66.0+build3-0ubuntu0.18.04.1",
"66.0.1+build1-0ubuntu0.18.04.1",
"66.0.2+build1-0ubuntu0.18.04.1",
"66.0.3+build1-0ubuntu0.18.04.1",
"66.0.4+build3-0ubuntu0.18.04.1",
"66.0.5+build1-0ubuntu0.18.04.1",
"67.0+build2-0ubuntu0.18.04.1",
"67.0.1+build1-0ubuntu0.18.04.1",
"67.0.2+build2-0ubuntu0.18.04.1",
"67.0.3+build1-0ubuntu0.18.04.1",
"67.0.4+build1-0ubuntu0.18.04.1",
"68.0+build3-0ubuntu0.18.04.1",
"68.0.1+build1-0ubuntu0.18.04.1",
"68.0.2+build1-0ubuntu0.18.04.1",
"69.0+build2-0ubuntu0.18.04.1",
"69.0.1+build1-0ubuntu0.18.04.1",
"69.0.2+build1-0ubuntu0.18.04.1",
"70.0+build2-0ubuntu0.18.04.1",
"70.0.1+build1-0ubuntu0.18.04.1",
"71.0+build5-0ubuntu0.18.04.1",
"72.0.1+build1-0ubuntu0.18.04.1",
"72.0.2+build1-0ubuntu0.18.04.1",
"73.0+build3-0ubuntu0.18.04.1",
"73.0.1+build1-0ubuntu0.18.04.1",
"74.0+build3-0ubuntu0.18.04.1",
"74.0.1+build1-0ubuntu0.18.04.1",
"75.0+build3-0ubuntu0.18.04.1",
"76.0+build2-0ubuntu0.18.04.1",
"76.0.1+build1-0ubuntu0.18.04.1",
"77.0.1+build1-0ubuntu0.18.04.1",
"78.0.1+build1-0ubuntu0.18.04.1",
"78.0.2+build2-0ubuntu0.18.04.1",
"79.0+build1-0ubuntu0.18.04.1",
"80.0+build2-0ubuntu0.18.04.1",
"80.0.1+build1-0ubuntu0.18.04.1",
"81.0+build2-0ubuntu0.18.04.1",
"81.0.2+build1-0ubuntu0.18.04.1",
"82.0+build2-0ubuntu0.18.04.1",
"82.0.2+build1-0ubuntu0.18.04.1",
"82.0.3+build1-0ubuntu0.18.04.1",
"83.0+build2-0ubuntu0.18.04.2",
"84.0+build3-0ubuntu0.18.04.1",
"84.0.1+build1-0ubuntu0.18.04.1",
"84.0.2+build1-0ubuntu0.18.04.1",
"85.0+build1-0ubuntu0.18.04.1",
"85.0.1+build1-0ubuntu0.18.04.1",
"86.0+build3-0ubuntu0.18.04.1",
"86.0.1+build1-0ubuntu0.18.04.1",
"87.0+build3-0ubuntu0.18.04.2",
"88.0+build2-0ubuntu0.18.04.2",
"88.0.1+build1-0ubuntu0.18.04.2",
"89.0+build2-0ubuntu0.18.04.2",
"89.0.1+build1-0ubuntu0.18.04.1",
"89.0.2+build1-0ubuntu0.18.04.1",
"90.0+build1-0ubuntu0.18.04.1",
"90.0.2+build1-0ubuntu0.18.04.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "thunderbird",
"binary_version": "1:78.13.0+build1-0ubuntu0.18.04.1"
},
{
"binary_name": "thunderbird-gnome-support",
"binary_version": "1:78.13.0+build1-0ubuntu0.18.04.1"
},
{
"binary_name": "thunderbird-mozsymbols",
"binary_version": "1:78.13.0+build1-0ubuntu0.18.04.1"
},
{
"binary_name": "xul-ext-calendar-timezones",
"binary_version": "1:78.13.0+build1-0ubuntu0.18.04.1"
},
{
"binary_name": "xul-ext-gdata-provider",
"binary_version": "1:78.13.0+build1-0ubuntu0.18.04.1"
},
{
"binary_name": "xul-ext-lightning",
"binary_version": "1:78.13.0+build1-0ubuntu0.18.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "thunderbird",
"purl": "pkg:deb/ubuntu/thunderbird@1:78.13.0+build1-0ubuntu0.18.04.1?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:78.13.0+build1-0ubuntu0.18.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:52.4.0+build1-0ubuntu2",
"1:52.6.0+build1-0ubuntu1",
"1:52.7.0+build1-0ubuntu1",
"1:52.8.0+build1-0ubuntu0.18.04.1",
"1:52.9.1+build3-0ubuntu0.18.04.1",
"1:60.2.1+build1-0ubuntu0.18.04.2",
"1:60.4.0+build2-0ubuntu0.18.04.1",
"1:60.5.1+build2-0ubuntu0.18.04.1",
"1:60.6.1+build2-0ubuntu0.18.04.1",
"1:60.7.0+build1-0ubuntu0.18.04.1",
"1:60.7.1+build1-0ubuntu0.18.04.1",
"1:60.7.2+build2-0ubuntu0.18.04.1",
"1:60.8.0+build1-0ubuntu0.18.04.1",
"1:60.9.0+build1-0ubuntu0.18.04.1",
"1:68.2.1+build1-0ubuntu0.18.04.1",
"1:68.2.2+build1-0ubuntu0.18.04.1",
"1:68.4.1+build1-0ubuntu0.18.04.1",
"1:68.7.0+build1-0ubuntu0.18.04.1",
"1:68.8.0+build2-0ubuntu0.18.04.2",
"1:68.10.0+build1-0ubuntu0.18.04.1",
"1:78.8.1+build1-0ubuntu0.18.04.1",
"1:78.11.0+build1-0ubuntu0.18.04.2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-52-0",
"binary_version": "52.9.1-0ubuntu0.18.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "mozjs52",
"purl": "pkg:deb/ubuntu/mozjs52@52.9.1-0ubuntu0.18.04.1?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"52.3.1-0ubuntu3",
"52.3.1-7fakesync1",
"52.8.1-0ubuntu0.18.04.1",
"52.9.1-0ubuntu0.18.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-38-0",
"binary_version": "38.8.0~repack1-0ubuntu4"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "mozjs38",
"purl": "pkg:deb/ubuntu/mozjs38@38.8.0~repack1-0ubuntu4?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"38.8.0~repack1-0ubuntu1",
"38.8.0~repack1-0ubuntu3",
"38.8.0~repack1-0ubuntu4"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "firefox",
"binary_version": "91.0+build2-0ubuntu0.20.04.1"
},
{
"binary_name": "firefox-geckodriver",
"binary_version": "91.0+build2-0ubuntu0.20.04.1"
},
{
"binary_name": "firefox-mozsymbols",
"binary_version": "91.0+build2-0ubuntu0.20.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "firefox",
"purl": "pkg:deb/ubuntu/firefox@91.0+build2-0ubuntu0.20.04.1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "91.0+build2-0ubuntu0.20.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"69.0.3+build1-0ubuntu1",
"70.0+build2-0ubuntu1",
"70.0+build2-0ubuntu2",
"70.0.1+build1-0ubuntu2",
"71.0+build2-0ubuntu2",
"71.0+build5-0ubuntu1",
"72.0.1+build1-0ubuntu1",
"72.0.2+build1-0ubuntu1",
"73.0+build1-0ubuntu1",
"73.0+build2-0ubuntu1",
"73.0+build3-0ubuntu1",
"73.0.1+build1-0ubuntu1",
"74.0+build1-0ubuntu1",
"74.0+build2-0ubuntu1",
"74.0+build2-0ubuntu2",
"74.0+build3-0ubuntu1",
"75.0+build3-0ubuntu1",
"76.0+build2-0ubuntu0.20.04.1",
"76.0.1+build1-0ubuntu0.20.04.1",
"77.0.1+build1-0ubuntu0.20.04.1",
"78.0.1+build1-0ubuntu0.20.04.1",
"78.0.2+build2-0ubuntu0.20.04.1",
"79.0+build1-0ubuntu0.20.04.1",
"80.0+build2-0ubuntu0.20.04.1",
"80.0.1+build1-0ubuntu0.20.04.1",
"81.0+build2-0ubuntu0.20.04.1",
"81.0.2+build1-0ubuntu0.20.04.1",
"82.0+build2-0ubuntu0.20.04.1",
"82.0.2+build1-0ubuntu0.20.04.1",
"82.0.3+build1-0ubuntu0.20.04.1",
"83.0+build2-0ubuntu0.20.04.1",
"84.0+build3-0ubuntu0.20.04.1",
"84.0.1+build1-0ubuntu0.20.04.1",
"84.0.2+build1-0ubuntu0.20.04.1",
"85.0+build1-0ubuntu0.20.04.1",
"85.0.1+build1-0ubuntu0.20.04.1",
"86.0+build3-0ubuntu0.20.04.1",
"86.0.1+build1-0ubuntu0.20.04.1",
"87.0+build3-0ubuntu0.20.04.2",
"88.0+build2-0ubuntu0.20.04.1",
"88.0.1+build1-0ubuntu0.20.04.2",
"89.0+build2-0ubuntu0.20.04.2",
"89.0.1+build1-0ubuntu0.20.04.1",
"89.0.2+build1-0ubuntu0.20.04.1",
"90.0+build1-0ubuntu0.20.04.1",
"90.0.2+build1-0ubuntu0.20.04.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "thunderbird",
"binary_version": "1:78.13.0+build1-0ubuntu0.20.04.2"
},
{
"binary_name": "thunderbird-gnome-support",
"binary_version": "1:78.13.0+build1-0ubuntu0.20.04.2"
},
{
"binary_name": "thunderbird-mozsymbols",
"binary_version": "1:78.13.0+build1-0ubuntu0.20.04.2"
},
{
"binary_name": "xul-ext-calendar-timezones",
"binary_version": "1:78.13.0+build1-0ubuntu0.20.04.2"
},
{
"binary_name": "xul-ext-gdata-provider",
"binary_version": "1:78.13.0+build1-0ubuntu0.20.04.2"
},
{
"binary_name": "xul-ext-lightning",
"binary_version": "1:78.13.0+build1-0ubuntu0.20.04.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "thunderbird",
"purl": "pkg:deb/ubuntu/thunderbird@1:78.13.0+build1-0ubuntu0.20.04.2?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:78.13.0+build1-0ubuntu0.20.04.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:68.1.2+build1-0ubuntu1",
"1:68.1.2+build1-0ubuntu2",
"1:68.2.1+build1-0ubuntu1",
"1:68.2.2+build1-0ubuntu1",
"1:68.3.0+build2-0ubuntu1",
"1:68.3.1+build1-0ubuntu2",
"1:68.4.1+build1-0ubuntu1",
"1:68.4.2+build2-0ubuntu1",
"1:68.5.0+build1-0ubuntu1",
"1:68.6.0+build2-0ubuntu1",
"1:68.7.0+build1-0ubuntu1",
"1:68.7.0+build1-0ubuntu2",
"1:68.8.0+build2-0ubuntu0.20.04.2",
"1:68.10.0+build1-0ubuntu0.20.04.1",
"1:78.7.1+build1-0ubuntu0.20.04.1",
"1:78.8.1+build1-0ubuntu0.20.04.1",
"1:78.11.0+build1-0ubuntu0.20.04.2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-68-0",
"binary_version": "68.6.0-1ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "mozjs68",
"purl": "pkg:deb/ubuntu/mozjs68@68.6.0-1ubuntu1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"68.5.0-1~fakesync",
"68.5.0-2~fakesync",
"68.6.0-1",
"68.6.0-1ubuntu1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-52-0",
"binary_version": "52.9.1-1ubuntu3"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "mozjs52",
"purl": "pkg:deb/ubuntu/mozjs52@52.9.1-1ubuntu3?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"52.9.1-1build1",
"52.9.1-1ubuntu3"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-78-0",
"binary_version": "78.15.0-4ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "mozjs78",
"purl": "pkg:deb/ubuntu/mozjs78@78.15.0-4ubuntu1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"78.13.0-1",
"78.15.0-2",
"78.15.0-4ubuntu1"
]
}
],
"aliases": [],
"details": "Firefox incorrectly treated an inline list-item element as a block element, resulting in an out of bounds read or memory corruption, and a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 78.13, Thunderbird \u003c 91, Firefox ESR \u003c 78.13, and Firefox \u003c 91.",
"id": "UBUNTU-CVE-2021-29988",
"modified": "2026-04-22T07:40:00Z",
"published": "2021-08-11T00:00:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-29988"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-33/#CVE-2021-29988"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-34/#CVE-2021-29988"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-5037-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-5058-1"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29988"
}
],
"related": [
"USN-5037-1",
"USN-5058-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2021-29988"
]
}
ubuntu-cve-2021-29989
Vulnerability from osv_ubuntu
Mozilla developers reported memory safety bugs present in Firefox 90 and Firefox ESR 78.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.13, Firefox ESR < 78.13, and Firefox < 91.
| URL | Type | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"affected": [
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "firefox",
"binary_version": "91.0+build2-0ubuntu0.18.04.1"
},
{
"binary_name": "firefox-geckodriver",
"binary_version": "91.0+build2-0ubuntu0.18.04.1"
},
{
"binary_name": "firefox-mozsymbols",
"binary_version": "91.0+build2-0ubuntu0.18.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "firefox",
"purl": "pkg:deb/ubuntu/firefox@91.0+build2-0ubuntu0.18.04.1?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "91.0+build2-0ubuntu0.18.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"56.0+build6-0ubuntu1",
"57.0.1+build2-0ubuntu1",
"59.0.1+build1-0ubuntu1",
"59.0.2+build1-0ubuntu1",
"60.0+build2-0ubuntu1",
"60.0.1+build2-0ubuntu0.18.04.1",
"60.0.2+build1-0ubuntu0.18.04.1",
"61.0+build3-0ubuntu0.18.04.1",
"61.0.1+build1-0ubuntu0.18.04.1",
"62.0+build2-0ubuntu0.18.04.3",
"62.0+build2-0ubuntu0.18.04.4",
"62.0+build2-0ubuntu0.18.04.5",
"62.0.3+build1-0ubuntu0.18.04.1",
"63.0+build2-0ubuntu0.18.04.2",
"63.0.3+build1-0ubuntu0.18.04.1",
"64.0+build3-0ubuntu0.18.04.1",
"65.0+build2-0ubuntu0.18.04.1",
"65.0.1+build2-0ubuntu0.18.04.1",
"66.0+build3-0ubuntu0.18.04.1",
"66.0.1+build1-0ubuntu0.18.04.1",
"66.0.2+build1-0ubuntu0.18.04.1",
"66.0.3+build1-0ubuntu0.18.04.1",
"66.0.4+build3-0ubuntu0.18.04.1",
"66.0.5+build1-0ubuntu0.18.04.1",
"67.0+build2-0ubuntu0.18.04.1",
"67.0.1+build1-0ubuntu0.18.04.1",
"67.0.2+build2-0ubuntu0.18.04.1",
"67.0.3+build1-0ubuntu0.18.04.1",
"67.0.4+build1-0ubuntu0.18.04.1",
"68.0+build3-0ubuntu0.18.04.1",
"68.0.1+build1-0ubuntu0.18.04.1",
"68.0.2+build1-0ubuntu0.18.04.1",
"69.0+build2-0ubuntu0.18.04.1",
"69.0.1+build1-0ubuntu0.18.04.1",
"69.0.2+build1-0ubuntu0.18.04.1",
"70.0+build2-0ubuntu0.18.04.1",
"70.0.1+build1-0ubuntu0.18.04.1",
"71.0+build5-0ubuntu0.18.04.1",
"72.0.1+build1-0ubuntu0.18.04.1",
"72.0.2+build1-0ubuntu0.18.04.1",
"73.0+build3-0ubuntu0.18.04.1",
"73.0.1+build1-0ubuntu0.18.04.1",
"74.0+build3-0ubuntu0.18.04.1",
"74.0.1+build1-0ubuntu0.18.04.1",
"75.0+build3-0ubuntu0.18.04.1",
"76.0+build2-0ubuntu0.18.04.1",
"76.0.1+build1-0ubuntu0.18.04.1",
"77.0.1+build1-0ubuntu0.18.04.1",
"78.0.1+build1-0ubuntu0.18.04.1",
"78.0.2+build2-0ubuntu0.18.04.1",
"79.0+build1-0ubuntu0.18.04.1",
"80.0+build2-0ubuntu0.18.04.1",
"80.0.1+build1-0ubuntu0.18.04.1",
"81.0+build2-0ubuntu0.18.04.1",
"81.0.2+build1-0ubuntu0.18.04.1",
"82.0+build2-0ubuntu0.18.04.1",
"82.0.2+build1-0ubuntu0.18.04.1",
"82.0.3+build1-0ubuntu0.18.04.1",
"83.0+build2-0ubuntu0.18.04.2",
"84.0+build3-0ubuntu0.18.04.1",
"84.0.1+build1-0ubuntu0.18.04.1",
"84.0.2+build1-0ubuntu0.18.04.1",
"85.0+build1-0ubuntu0.18.04.1",
"85.0.1+build1-0ubuntu0.18.04.1",
"86.0+build3-0ubuntu0.18.04.1",
"86.0.1+build1-0ubuntu0.18.04.1",
"87.0+build3-0ubuntu0.18.04.2",
"88.0+build2-0ubuntu0.18.04.2",
"88.0.1+build1-0ubuntu0.18.04.2",
"89.0+build2-0ubuntu0.18.04.2",
"89.0.1+build1-0ubuntu0.18.04.1",
"89.0.2+build1-0ubuntu0.18.04.1",
"90.0+build1-0ubuntu0.18.04.1",
"90.0.2+build1-0ubuntu0.18.04.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "thunderbird",
"binary_version": "1:78.13.0+build1-0ubuntu0.18.04.1"
},
{
"binary_name": "thunderbird-gnome-support",
"binary_version": "1:78.13.0+build1-0ubuntu0.18.04.1"
},
{
"binary_name": "thunderbird-mozsymbols",
"binary_version": "1:78.13.0+build1-0ubuntu0.18.04.1"
},
{
"binary_name": "xul-ext-calendar-timezones",
"binary_version": "1:78.13.0+build1-0ubuntu0.18.04.1"
},
{
"binary_name": "xul-ext-gdata-provider",
"binary_version": "1:78.13.0+build1-0ubuntu0.18.04.1"
},
{
"binary_name": "xul-ext-lightning",
"binary_version": "1:78.13.0+build1-0ubuntu0.18.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "thunderbird",
"purl": "pkg:deb/ubuntu/thunderbird@1:78.13.0+build1-0ubuntu0.18.04.1?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:78.13.0+build1-0ubuntu0.18.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:52.4.0+build1-0ubuntu2",
"1:52.6.0+build1-0ubuntu1",
"1:52.7.0+build1-0ubuntu1",
"1:52.8.0+build1-0ubuntu0.18.04.1",
"1:52.9.1+build3-0ubuntu0.18.04.1",
"1:60.2.1+build1-0ubuntu0.18.04.2",
"1:60.4.0+build2-0ubuntu0.18.04.1",
"1:60.5.1+build2-0ubuntu0.18.04.1",
"1:60.6.1+build2-0ubuntu0.18.04.1",
"1:60.7.0+build1-0ubuntu0.18.04.1",
"1:60.7.1+build1-0ubuntu0.18.04.1",
"1:60.7.2+build2-0ubuntu0.18.04.1",
"1:60.8.0+build1-0ubuntu0.18.04.1",
"1:60.9.0+build1-0ubuntu0.18.04.1",
"1:68.2.1+build1-0ubuntu0.18.04.1",
"1:68.2.2+build1-0ubuntu0.18.04.1",
"1:68.4.1+build1-0ubuntu0.18.04.1",
"1:68.7.0+build1-0ubuntu0.18.04.1",
"1:68.8.0+build2-0ubuntu0.18.04.2",
"1:68.10.0+build1-0ubuntu0.18.04.1",
"1:78.8.1+build1-0ubuntu0.18.04.1",
"1:78.11.0+build1-0ubuntu0.18.04.2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-52-0",
"binary_version": "52.9.1-0ubuntu0.18.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "mozjs52",
"purl": "pkg:deb/ubuntu/mozjs52@52.9.1-0ubuntu0.18.04.1?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"52.3.1-0ubuntu3",
"52.3.1-7fakesync1",
"52.8.1-0ubuntu0.18.04.1",
"52.9.1-0ubuntu0.18.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-38-0",
"binary_version": "38.8.0~repack1-0ubuntu4"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "mozjs38",
"purl": "pkg:deb/ubuntu/mozjs38@38.8.0~repack1-0ubuntu4?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"38.8.0~repack1-0ubuntu1",
"38.8.0~repack1-0ubuntu3",
"38.8.0~repack1-0ubuntu4"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "firefox",
"binary_version": "91.0+build2-0ubuntu0.20.04.1"
},
{
"binary_name": "firefox-geckodriver",
"binary_version": "91.0+build2-0ubuntu0.20.04.1"
},
{
"binary_name": "firefox-mozsymbols",
"binary_version": "91.0+build2-0ubuntu0.20.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "firefox",
"purl": "pkg:deb/ubuntu/firefox@91.0+build2-0ubuntu0.20.04.1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "91.0+build2-0ubuntu0.20.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"69.0.3+build1-0ubuntu1",
"70.0+build2-0ubuntu1",
"70.0+build2-0ubuntu2",
"70.0.1+build1-0ubuntu2",
"71.0+build2-0ubuntu2",
"71.0+build5-0ubuntu1",
"72.0.1+build1-0ubuntu1",
"72.0.2+build1-0ubuntu1",
"73.0+build1-0ubuntu1",
"73.0+build2-0ubuntu1",
"73.0+build3-0ubuntu1",
"73.0.1+build1-0ubuntu1",
"74.0+build1-0ubuntu1",
"74.0+build2-0ubuntu1",
"74.0+build2-0ubuntu2",
"74.0+build3-0ubuntu1",
"75.0+build3-0ubuntu1",
"76.0+build2-0ubuntu0.20.04.1",
"76.0.1+build1-0ubuntu0.20.04.1",
"77.0.1+build1-0ubuntu0.20.04.1",
"78.0.1+build1-0ubuntu0.20.04.1",
"78.0.2+build2-0ubuntu0.20.04.1",
"79.0+build1-0ubuntu0.20.04.1",
"80.0+build2-0ubuntu0.20.04.1",
"80.0.1+build1-0ubuntu0.20.04.1",
"81.0+build2-0ubuntu0.20.04.1",
"81.0.2+build1-0ubuntu0.20.04.1",
"82.0+build2-0ubuntu0.20.04.1",
"82.0.2+build1-0ubuntu0.20.04.1",
"82.0.3+build1-0ubuntu0.20.04.1",
"83.0+build2-0ubuntu0.20.04.1",
"84.0+build3-0ubuntu0.20.04.1",
"84.0.1+build1-0ubuntu0.20.04.1",
"84.0.2+build1-0ubuntu0.20.04.1",
"85.0+build1-0ubuntu0.20.04.1",
"85.0.1+build1-0ubuntu0.20.04.1",
"86.0+build3-0ubuntu0.20.04.1",
"86.0.1+build1-0ubuntu0.20.04.1",
"87.0+build3-0ubuntu0.20.04.2",
"88.0+build2-0ubuntu0.20.04.1",
"88.0.1+build1-0ubuntu0.20.04.2",
"89.0+build2-0ubuntu0.20.04.2",
"89.0.1+build1-0ubuntu0.20.04.1",
"89.0.2+build1-0ubuntu0.20.04.1",
"90.0+build1-0ubuntu0.20.04.1",
"90.0.2+build1-0ubuntu0.20.04.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "thunderbird",
"binary_version": "1:78.13.0+build1-0ubuntu0.20.04.2"
},
{
"binary_name": "thunderbird-gnome-support",
"binary_version": "1:78.13.0+build1-0ubuntu0.20.04.2"
},
{
"binary_name": "thunderbird-mozsymbols",
"binary_version": "1:78.13.0+build1-0ubuntu0.20.04.2"
},
{
"binary_name": "xul-ext-calendar-timezones",
"binary_version": "1:78.13.0+build1-0ubuntu0.20.04.2"
},
{
"binary_name": "xul-ext-gdata-provider",
"binary_version": "1:78.13.0+build1-0ubuntu0.20.04.2"
},
{
"binary_name": "xul-ext-lightning",
"binary_version": "1:78.13.0+build1-0ubuntu0.20.04.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "thunderbird",
"purl": "pkg:deb/ubuntu/thunderbird@1:78.13.0+build1-0ubuntu0.20.04.2?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:78.13.0+build1-0ubuntu0.20.04.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:68.1.2+build1-0ubuntu1",
"1:68.1.2+build1-0ubuntu2",
"1:68.2.1+build1-0ubuntu1",
"1:68.2.2+build1-0ubuntu1",
"1:68.3.0+build2-0ubuntu1",
"1:68.3.1+build1-0ubuntu2",
"1:68.4.1+build1-0ubuntu1",
"1:68.4.2+build2-0ubuntu1",
"1:68.5.0+build1-0ubuntu1",
"1:68.6.0+build2-0ubuntu1",
"1:68.7.0+build1-0ubuntu1",
"1:68.7.0+build1-0ubuntu2",
"1:68.8.0+build2-0ubuntu0.20.04.2",
"1:68.10.0+build1-0ubuntu0.20.04.1",
"1:78.7.1+build1-0ubuntu0.20.04.1",
"1:78.8.1+build1-0ubuntu0.20.04.1",
"1:78.11.0+build1-0ubuntu0.20.04.2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-68-0",
"binary_version": "68.6.0-1ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "mozjs68",
"purl": "pkg:deb/ubuntu/mozjs68@68.6.0-1ubuntu1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"68.5.0-1~fakesync",
"68.5.0-2~fakesync",
"68.6.0-1",
"68.6.0-1ubuntu1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-52-0",
"binary_version": "52.9.1-1ubuntu3"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "mozjs52",
"purl": "pkg:deb/ubuntu/mozjs52@52.9.1-1ubuntu3?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"52.9.1-1build1",
"52.9.1-1ubuntu3"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-78-0",
"binary_version": "78.15.0-4ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "mozjs78",
"purl": "pkg:deb/ubuntu/mozjs78@78.15.0-4ubuntu1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"78.13.0-1",
"78.15.0-2",
"78.15.0-4ubuntu1"
]
}
],
"aliases": [],
"details": "Mozilla developers reported memory safety bugs present in Firefox 90 and Firefox ESR 78.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 78.13, Firefox ESR \u003c 78.13, and Firefox \u003c 91.",
"id": "UBUNTU-CVE-2021-29989",
"modified": "2026-04-22T07:40:00Z",
"published": "2021-08-11T00:00:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-29989"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-33/#CVE-2021-29989"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-34/#CVE-2021-29989"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-5037-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-5058-1"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29989"
}
],
"related": [
"USN-5037-1",
"USN-5058-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2021-29989"
]
}
ubuntu-cve-2021-30547
Vulnerability from osv_ubuntu
Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
| URL | Type | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"affected": [
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "chromium-browser",
"binary_version": "91.0.4472.101-0ubuntu0.18.04.1"
},
{
"binary_name": "chromium-browser-l10n",
"binary_version": "91.0.4472.101-0ubuntu0.18.04.1"
},
{
"binary_name": "chromium-chromedriver",
"binary_version": "91.0.4472.101-0ubuntu0.18.04.1"
},
{
"binary_name": "chromium-codecs-ffmpeg",
"binary_version": "91.0.4472.101-0ubuntu0.18.04.1"
},
{
"binary_name": "chromium-codecs-ffmpeg-extra",
"binary_version": "91.0.4472.101-0ubuntu0.18.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "chromium-browser",
"purl": "pkg:deb/ubuntu/chromium-browser@91.0.4472.101-0ubuntu0.18.04.1?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "91.0.4472.101-0ubuntu0.18.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"61.0.3163.100-0ubuntu1.1378",
"62.0.3202.62-0ubuntu0.17.10.1380",
"62.0.3202.89-0ubuntu1.1386",
"62.0.3202.94-0ubuntu1.1388",
"63.0.3239.84-0ubuntu1",
"63.0.3239.108-0ubuntu1",
"64.0.3282.119-0ubuntu1",
"64.0.3282.140-0ubuntu1",
"64.0.3282.167-0ubuntu1",
"65.0.3325.146-0ubuntu1",
"65.0.3325.181-0ubuntu1",
"66.0.3359.139-0ubuntu0.18.04.3",
"66.0.3359.181-0ubuntu0.18.04.1",
"67.0.3396.99-0ubuntu0.18.04.1",
"68.0.3440.75-0ubuntu0.18.04.1",
"68.0.3440.106-0ubuntu0.18.04.1",
"69.0.3497.81-0ubuntu0.18.04.1",
"70.0.3538.67-0ubuntu0.18.04.1",
"70.0.3538.77-0ubuntu0.18.04.1",
"70.0.3538.110-0ubuntu0.18.04.1",
"71.0.3578.80-0ubuntu0.18.04.1",
"71.0.3578.98-0ubuntu0.18.04.1",
"72.0.3626.119-0ubuntu0.18.04.1",
"72.0.3626.121-0ubuntu0.18.04.1",
"73.0.3683.75-0ubuntu0.18.04.1",
"73.0.3683.86-0ubuntu0.18.04.1",
"74.0.3729.169-0ubuntu0.18.04.1",
"75.0.3770.90-0ubuntu0.18.04.1",
"75.0.3770.142-0ubuntu0.18.04.1",
"76.0.3809.87-0ubuntu0.18.04.1",
"76.0.3809.100-0ubuntu0.18.04.1",
"77.0.3865.90-0ubuntu0.18.04.1",
"78.0.3904.70-0ubuntu0.18.04.2",
"78.0.3904.97-0ubuntu0.18.04.1",
"78.0.3904.108-0ubuntu0.18.04.1",
"79.0.3945.79-0ubuntu0.18.04.1",
"79.0.3945.130-0ubuntu0.18.04.1",
"80.0.3987.87-0ubuntu0.18.04.1",
"80.0.3987.149-0ubuntu0.18.04.1",
"80.0.3987.163-0ubuntu0.18.04.1",
"81.0.4044.122-0ubuntu0.18.04.1",
"81.0.4044.138-0ubuntu0.18.04.1",
"83.0.4103.61-0ubuntu0.18.04.1",
"84.0.4147.105-0ubuntu0.18.04.1",
"85.0.4183.83-0ubuntu0.18.04.2",
"85.0.4183.121-0ubuntu0.18.04.1",
"86.0.4240.75-0ubuntu0.18.04.1",
"86.0.4240.198-0ubuntu0.18.04.1",
"87.0.4280.66-0ubuntu0.18.04.1",
"89.0.4389.82-0ubuntu0.18.04.1",
"89.0.4389.90-0ubuntu0.18.04.2",
"90.0.4430.72-0ubuntu0.18.04.1",
"90.0.4430.93-0ubuntu0.18.04.1",
"91.0.4472.77-0ubuntu0.18.04.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "firefox",
"binary_version": "90.0+build1-0ubuntu0.18.04.1"
},
{
"binary_name": "firefox-geckodriver",
"binary_version": "90.0+build1-0ubuntu0.18.04.1"
},
{
"binary_name": "firefox-mozsymbols",
"binary_version": "90.0+build1-0ubuntu0.18.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "firefox",
"purl": "pkg:deb/ubuntu/firefox@90.0+build1-0ubuntu0.18.04.1?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "90.0+build1-0ubuntu0.18.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"56.0+build6-0ubuntu1",
"57.0.1+build2-0ubuntu1",
"59.0.1+build1-0ubuntu1",
"59.0.2+build1-0ubuntu1",
"60.0+build2-0ubuntu1",
"60.0.1+build2-0ubuntu0.18.04.1",
"60.0.2+build1-0ubuntu0.18.04.1",
"61.0+build3-0ubuntu0.18.04.1",
"61.0.1+build1-0ubuntu0.18.04.1",
"62.0+build2-0ubuntu0.18.04.3",
"62.0+build2-0ubuntu0.18.04.4",
"62.0+build2-0ubuntu0.18.04.5",
"62.0.3+build1-0ubuntu0.18.04.1",
"63.0+build2-0ubuntu0.18.04.2",
"63.0.3+build1-0ubuntu0.18.04.1",
"64.0+build3-0ubuntu0.18.04.1",
"65.0+build2-0ubuntu0.18.04.1",
"65.0.1+build2-0ubuntu0.18.04.1",
"66.0+build3-0ubuntu0.18.04.1",
"66.0.1+build1-0ubuntu0.18.04.1",
"66.0.2+build1-0ubuntu0.18.04.1",
"66.0.3+build1-0ubuntu0.18.04.1",
"66.0.4+build3-0ubuntu0.18.04.1",
"66.0.5+build1-0ubuntu0.18.04.1",
"67.0+build2-0ubuntu0.18.04.1",
"67.0.1+build1-0ubuntu0.18.04.1",
"67.0.2+build2-0ubuntu0.18.04.1",
"67.0.3+build1-0ubuntu0.18.04.1",
"67.0.4+build1-0ubuntu0.18.04.1",
"68.0+build3-0ubuntu0.18.04.1",
"68.0.1+build1-0ubuntu0.18.04.1",
"68.0.2+build1-0ubuntu0.18.04.1",
"69.0+build2-0ubuntu0.18.04.1",
"69.0.1+build1-0ubuntu0.18.04.1",
"69.0.2+build1-0ubuntu0.18.04.1",
"70.0+build2-0ubuntu0.18.04.1",
"70.0.1+build1-0ubuntu0.18.04.1",
"71.0+build5-0ubuntu0.18.04.1",
"72.0.1+build1-0ubuntu0.18.04.1",
"72.0.2+build1-0ubuntu0.18.04.1",
"73.0+build3-0ubuntu0.18.04.1",
"73.0.1+build1-0ubuntu0.18.04.1",
"74.0+build3-0ubuntu0.18.04.1",
"74.0.1+build1-0ubuntu0.18.04.1",
"75.0+build3-0ubuntu0.18.04.1",
"76.0+build2-0ubuntu0.18.04.1",
"76.0.1+build1-0ubuntu0.18.04.1",
"77.0.1+build1-0ubuntu0.18.04.1",
"78.0.1+build1-0ubuntu0.18.04.1",
"78.0.2+build2-0ubuntu0.18.04.1",
"79.0+build1-0ubuntu0.18.04.1",
"80.0+build2-0ubuntu0.18.04.1",
"80.0.1+build1-0ubuntu0.18.04.1",
"81.0+build2-0ubuntu0.18.04.1",
"81.0.2+build1-0ubuntu0.18.04.1",
"82.0+build2-0ubuntu0.18.04.1",
"82.0.2+build1-0ubuntu0.18.04.1",
"82.0.3+build1-0ubuntu0.18.04.1",
"83.0+build2-0ubuntu0.18.04.2",
"84.0+build3-0ubuntu0.18.04.1",
"84.0.1+build1-0ubuntu0.18.04.1",
"84.0.2+build1-0ubuntu0.18.04.1",
"85.0+build1-0ubuntu0.18.04.1",
"85.0.1+build1-0ubuntu0.18.04.1",
"86.0+build3-0ubuntu0.18.04.1",
"86.0.1+build1-0ubuntu0.18.04.1",
"87.0+build3-0ubuntu0.18.04.2",
"88.0+build2-0ubuntu0.18.04.2",
"88.0.1+build1-0ubuntu0.18.04.2",
"89.0+build2-0ubuntu0.18.04.2",
"89.0.1+build1-0ubuntu0.18.04.1",
"89.0.2+build1-0ubuntu0.18.04.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "thunderbird",
"binary_version": "1:78.13.0+build1-0ubuntu0.18.04.1"
},
{
"binary_name": "thunderbird-gnome-support",
"binary_version": "1:78.13.0+build1-0ubuntu0.18.04.1"
},
{
"binary_name": "thunderbird-mozsymbols",
"binary_version": "1:78.13.0+build1-0ubuntu0.18.04.1"
},
{
"binary_name": "xul-ext-calendar-timezones",
"binary_version": "1:78.13.0+build1-0ubuntu0.18.04.1"
},
{
"binary_name": "xul-ext-gdata-provider",
"binary_version": "1:78.13.0+build1-0ubuntu0.18.04.1"
},
{
"binary_name": "xul-ext-lightning",
"binary_version": "1:78.13.0+build1-0ubuntu0.18.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "thunderbird",
"purl": "pkg:deb/ubuntu/thunderbird@1:78.13.0+build1-0ubuntu0.18.04.1?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:78.13.0+build1-0ubuntu0.18.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:52.4.0+build1-0ubuntu2",
"1:52.6.0+build1-0ubuntu1",
"1:52.7.0+build1-0ubuntu1",
"1:52.8.0+build1-0ubuntu0.18.04.1",
"1:52.9.1+build3-0ubuntu0.18.04.1",
"1:60.2.1+build1-0ubuntu0.18.04.2",
"1:60.4.0+build2-0ubuntu0.18.04.1",
"1:60.5.1+build2-0ubuntu0.18.04.1",
"1:60.6.1+build2-0ubuntu0.18.04.1",
"1:60.7.0+build1-0ubuntu0.18.04.1",
"1:60.7.1+build1-0ubuntu0.18.04.1",
"1:60.7.2+build2-0ubuntu0.18.04.1",
"1:60.8.0+build1-0ubuntu0.18.04.1",
"1:60.9.0+build1-0ubuntu0.18.04.1",
"1:68.2.1+build1-0ubuntu0.18.04.1",
"1:68.2.2+build1-0ubuntu0.18.04.1",
"1:68.4.1+build1-0ubuntu0.18.04.1",
"1:68.7.0+build1-0ubuntu0.18.04.1",
"1:68.8.0+build2-0ubuntu0.18.04.2",
"1:68.10.0+build1-0ubuntu0.18.04.1",
"1:78.8.1+build1-0ubuntu0.18.04.1",
"1:78.11.0+build1-0ubuntu0.18.04.2"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "firefox",
"binary_version": "90.0+build1-0ubuntu0.20.04.1"
},
{
"binary_name": "firefox-geckodriver",
"binary_version": "90.0+build1-0ubuntu0.20.04.1"
},
{
"binary_name": "firefox-mozsymbols",
"binary_version": "90.0+build1-0ubuntu0.20.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "firefox",
"purl": "pkg:deb/ubuntu/firefox@90.0+build1-0ubuntu0.20.04.1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "90.0+build1-0ubuntu0.20.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"69.0.3+build1-0ubuntu1",
"70.0+build2-0ubuntu1",
"70.0+build2-0ubuntu2",
"70.0.1+build1-0ubuntu2",
"71.0+build2-0ubuntu2",
"71.0+build5-0ubuntu1",
"72.0.1+build1-0ubuntu1",
"72.0.2+build1-0ubuntu1",
"73.0+build1-0ubuntu1",
"73.0+build2-0ubuntu1",
"73.0+build3-0ubuntu1",
"73.0.1+build1-0ubuntu1",
"74.0+build1-0ubuntu1",
"74.0+build2-0ubuntu1",
"74.0+build2-0ubuntu2",
"74.0+build3-0ubuntu1",
"75.0+build3-0ubuntu1",
"76.0+build2-0ubuntu0.20.04.1",
"76.0.1+build1-0ubuntu0.20.04.1",
"77.0.1+build1-0ubuntu0.20.04.1",
"78.0.1+build1-0ubuntu0.20.04.1",
"78.0.2+build2-0ubuntu0.20.04.1",
"79.0+build1-0ubuntu0.20.04.1",
"80.0+build2-0ubuntu0.20.04.1",
"80.0.1+build1-0ubuntu0.20.04.1",
"81.0+build2-0ubuntu0.20.04.1",
"81.0.2+build1-0ubuntu0.20.04.1",
"82.0+build2-0ubuntu0.20.04.1",
"82.0.2+build1-0ubuntu0.20.04.1",
"82.0.3+build1-0ubuntu0.20.04.1",
"83.0+build2-0ubuntu0.20.04.1",
"84.0+build3-0ubuntu0.20.04.1",
"84.0.1+build1-0ubuntu0.20.04.1",
"84.0.2+build1-0ubuntu0.20.04.1",
"85.0+build1-0ubuntu0.20.04.1",
"85.0.1+build1-0ubuntu0.20.04.1",
"86.0+build3-0ubuntu0.20.04.1",
"86.0.1+build1-0ubuntu0.20.04.1",
"87.0+build3-0ubuntu0.20.04.2",
"88.0+build2-0ubuntu0.20.04.1",
"88.0.1+build1-0ubuntu0.20.04.2",
"89.0+build2-0ubuntu0.20.04.2",
"89.0.1+build1-0ubuntu0.20.04.1",
"89.0.2+build1-0ubuntu0.20.04.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "thunderbird",
"binary_version": "1:78.13.0+build1-0ubuntu0.20.04.2"
},
{
"binary_name": "thunderbird-gnome-support",
"binary_version": "1:78.13.0+build1-0ubuntu0.20.04.2"
},
{
"binary_name": "thunderbird-mozsymbols",
"binary_version": "1:78.13.0+build1-0ubuntu0.20.04.2"
},
{
"binary_name": "xul-ext-calendar-timezones",
"binary_version": "1:78.13.0+build1-0ubuntu0.20.04.2"
},
{
"binary_name": "xul-ext-gdata-provider",
"binary_version": "1:78.13.0+build1-0ubuntu0.20.04.2"
},
{
"binary_name": "xul-ext-lightning",
"binary_version": "1:78.13.0+build1-0ubuntu0.20.04.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "thunderbird",
"purl": "pkg:deb/ubuntu/thunderbird@1:78.13.0+build1-0ubuntu0.20.04.2?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:78.13.0+build1-0ubuntu0.20.04.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:68.1.2+build1-0ubuntu1",
"1:68.1.2+build1-0ubuntu2",
"1:68.2.1+build1-0ubuntu1",
"1:68.2.2+build1-0ubuntu1",
"1:68.3.0+build2-0ubuntu1",
"1:68.3.1+build1-0ubuntu2",
"1:68.4.1+build1-0ubuntu1",
"1:68.4.2+build2-0ubuntu1",
"1:68.5.0+build1-0ubuntu1",
"1:68.6.0+build2-0ubuntu1",
"1:68.7.0+build1-0ubuntu1",
"1:68.7.0+build1-0ubuntu2",
"1:68.8.0+build2-0ubuntu0.20.04.2",
"1:68.10.0+build1-0ubuntu0.20.04.1",
"1:78.7.1+build1-0ubuntu0.20.04.1",
"1:78.8.1+build1-0ubuntu0.20.04.1",
"1:78.11.0+build1-0ubuntu0.20.04.2"
]
}
],
"aliases": [],
"details": "Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.",
"id": "UBUNTU-CVE-2021-30547",
"modified": "2026-04-22T07:40:01Z",
"published": "2021-06-15T22:15:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-30547"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-28/#CVE-2021-30547"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-30/"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-5011-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-5058-1"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30547"
}
],
"related": [
"USN-5011-1",
"USN-5058-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2021-30547"
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.