Rewterz Threat Alert – APT34 (OilRig) – IOCs
July 14, 2021Rewterz Threat Advisory – Multiple Apache Vulnerabilities
July 14, 2021Rewterz Threat Alert – APT34 (OilRig) – IOCs
July 14, 2021Rewterz Threat Advisory – Multiple Apache Vulnerabilities
July 14, 2021Severity
High
Analysis Summary
CVE-2021-29969
Mozilla Thunderbird could allow a remote attacker to obtain sensitive information, caused by the failure to ignore injected data when configured to use STARTTLS for an IMAP connection and the injection of IMAP server responses prior to the completion of the STARTTLS handshake. A remote attacker could exploit this vulnerability to view folders that didn’t exist on the IMAP server.
CVE-2021-29970
Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in accessibility features of a document. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service
CVE-2021-29969
Mozilla Thunderbird could allow a remote attacker to obtain sensitive information, caused by the failure to ignore injected data when configured to use STARTTLS for an IMAP connection and the injection of IMAP server responses prior to the completion of the STARTTLS handshake. A remote attacker could exploit this vulnerability to view folders that didn’t exist on the IMAP server.
CVE-2021-29970
Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in accessibility features of a document. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service
CVE-2021-29976
Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVE-2021-29977
Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVE-2021-29972
Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in an out-of-date Cairo library. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVE-2021-29975
Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by an error when overlaying text messages on top of another domain. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to cause user confusion.
CVE-2021-29974
Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by the enablement of network partitioning. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to override an error on a domain which had specified HTTP Strict Transport Security.
CVE-2021-29973
Mozilla Firefox for Android could allow a remote attacker to bypass security restrictions, caused by the enablement of the password autofill on HTTP websites without user interaction. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to bypass security restrictions.
CVE-2021-29971
Mozilla Firefox for Android could allow a remote attacker to bypass security restrictions. When the user grants permission to a webpage and saves that grant, an attacker could exploit this vulnerability to gain the permission irrespective of scheme or port.
Impact
- Bypass Security
- Denial of Service
- Code Execution
- Unauthorized Access
Affected Vendors
Mozilla
Mozilla Thunderbird 78.11
Mozilla Firefox 89.0
Mozilla Firefox ESR 78.11
Mozilla Firefox for Android 89
Remediation
Refer to Mozilla Foundation Security Advisory for the patch, upgrade, or suggested workaround information.
https://www.mozilla.org/en-US/security/advisories/mfsa2021-30/