Rewterz Threat Alert – Nanocore Rat – Active IOCs
June 2, 2021
Rewterz Threat Alert – Evilnum APT Group – Active IOCs
June 2, 2021
Severity
High
Analysis Summary
CVE-2021-29960
Mozilla Firefox could allow a remote attacker to obtain sensitive information, caused by the incorrect storing of filenames printed from private browsing mode. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to obtain the title of a Web site visited in private browsing mode, which is stored on disk.
CVE-2021-29964
Mozilla Firefox could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read when parsing a WM_COPYDATA message. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to obtain sensitive information.
CVE-2021-29958
Mozilla Firefox for iOS could allow a remote attacker to obtain sensitive information, caused by the failure to check whether a download was in normal or private browsing mode when initiated. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to share private mode cookies.
CVE-2021-29966
Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVE-2021-29967
Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
Impact
- Information Theft
- Code Execution
- Unauthorized Access
Affected Vendors
Mozilla
Affected Products
- Mozilla Firefox 88.0.0
- Mozilla Firefox ESR 78.10
- Mozilla Firefox iOS 33
- Mozilla Firefox for Android 88
Remediation
Refer to Mozilla Foundation Security Advisory for patch, upgrade or suggested workaround information.
https://www.mozilla.org/en-US/security/advisories/mfsa2021-23/