CVE-2021-29945

The WebAssembly JIT could miscalculate the size of a return type, which could lead to a null read and result in a crash. Note: This issue only affected x86-32 platforms. Other platforms are unaffected.. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.

Published: Jun 24, 2021
Updated: Apr 14, 2023
CVE: CVE-2021-29945
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:N/A:P

CWEs:

CWE-682

Affected Software
References

Software	From	Fixed in
mozilla / firefox	-	88.0
mozilla / firefox_esr	-	78.10
mozilla / thunderbird	-	78.10

https://bugzilla.mozilla.org/show_bug.cgi?id=1700690
https://www.mozilla.org/security/advisories/mfsa2021-14/
https://www.mozilla.org/security/advisories/mfsa2021-15/
https://www.mozilla.org/security/advisories/mfsa2021-16/

Vulnerability Database

290,301

CVE-2021-29945