Firefox: Multiple vulnerabilities

===========================================================================
                         ZMCIRT Vulnerability Bulletin

                             ZMC-2021.06.2.1600
                      Firefox: Multiple vulnerabilities
                               2nd June 2021

===========================================================================
Product:           Firefox
Publisher:         Mozilla
Operating System:  Windows
                   UNIX variants (UNIX, Linux, OSX)
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Denial of Service               -- Remote with User Interaction
                   Provide Misleading Information  -- Remote with User Interaction
                   Access Confidential Data        -- Remote with User Interaction
                   Unauthorised Access             -- Remote with User Interaction
                   Reduced Security                -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-29967 CVE-2021-29966 CVE-2021-29965
                   CVE-2021-29964 CVE-2021-29963 CVE-2021-29962
                   CVE-2021-29961 CVE-2021-29960 CVE-2021-29959

Reference:         ESB-2021.1896

Original Bulletin: 
   https://www.mozilla.org/en-US/security/advisories/mfsa2021-23/


Mozilla Foundation Security Advisory 2021-23

Security Vulnerabilities fixed in Firefox 89

Announced: June  1, 2021
Impact:    high
Products:  Firefox
Fixed in:  Firefox 89

# CVE-2021-29965: Password Manager on Firefox for Android susceptible to domain
spoofing

Reporter: Harshit Mahendra
Impact:   high

Description

A malicious website that causes an HTTP Authentication dialog to be spawned
could trick the built-in password manager to suggest passwords for the
currently active website instead of the website that triggered the dialog.
This bug only affects Firefox for Android. Other operating systems are
unaffected.

References

  o Bug 1709257

# CVE-2021-29960: Filenames printed from private browsing mode incorrectly
retained in preferences

Reporter: Sebastian Hengst
Impact:   moderate

Description

Firefox used to cache the last filename used for printing a file. When
generating a filename for printing, Firefox usually suggests the web page
title. The caching and suggestion techniques combined may have lead to the
title of a website visited during private browsing mode being stored on disk.

References

  o Bug 1675965

# CVE-2021-29961: Firefox UI spoof using `` elements and CSS scaling

Reporter: Irvan Kurniawan
Impact:   moderate

Description

When styling and rendering an oversized  element, Firefox did not apply
correct clipping which allowed an attacker to paint over the user interface.

References

  o Bug 1700235

# CVE-2021-29963: Shared cookies for search suggestions in private browsing mode

Reporter: Wladimir Palant working with Include Security
Impact:   moderate

Description

Address bar search suggestions in private browsing mode were re-using session
data from normal mode.
This bug only affects Firefox for Android. Other operating systems are
unaffected.

References

  o Bug 1705068

# CVE-2021-29964: Out of bounds-read when parsing a `WM_COPYDATA` message

Reporter: Ronald Crane
Impact:   moderate

Description

A locally-installed hostile program could send WM_COPYDATA messages that
Firefox would process incorrectly, leading to an out-of-bounds read.
This bug only affects Firefox on Windows. Other operating systems are
unaffected.

References

  o Bug 1706501

# CVE-2021-29959: Devices could be re-enabled without additional permission
prompt

Reporter: Jan-Ivar Bruaroey
Impact:   low

Description

When a user has already allowed a website to access microphone and camera,
disabling camera sharing would not fully prevent the website from re-enabling
it without an additional prompt. This was only possible if the website kept
recording with the microphone until re-enabling the camera.

References

  o Bug 1395819

# CVE-2021-29962: No rate-limiting for popups on Firefox for Android

Reporter: Wladimir Palant working with Include Security
Impact:   low

Description

Firefox for Android would become unstable and hard-to-recover when a website
opened too many popups.
This bug only affects Firefox for Android. Other operating systems are
unaffected.

References

  o Bug 1701673

# CVE-2021-29967: Memory safety bugs fixed in Firefox 89 and Firefox ESR 78.11

Reporter: Mozilla developers and community
Impact:   high

Description

Mozilla developers Christian Holler, Anny Gakhokidze, Alexandru Michis,
Gabriele Svelto reported memory safety bugs present in Firefox 88 and Firefox
ESR 78.11. Some of these bugs showed evidence of memory corruption and we
presume that with enough effort some of these could have been exploited to run
arbitrary code.

References

  o Memory safety bugs fixed in Firefox 89 and Firefox ESR 78.11

# CVE-2021-29966: Memory safety bugs fixed in Firefox 89

Reporter: Mozilla developers and community
Impact:   moderate

Description

Mozilla developers Christian Holler, Tooru Fujisawa, Tyson Smith reported
memory safety bugs present in Firefox 88. Some of these bugs showed evidence of
memory corruption and we presume that with enough effort some of these could
have been exploited to run arbitrary code.

References

  o Memory safety bugs fixed in Firefox 89


 
ZMCIRT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. ZMCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Internet Email: report@cirt.zm     
Telephone:     7070 
                ZMCIRT personnel answer during Zambian business hours 
                which are 8am to 5pm.
                On call after hours for member emergencies only.
===========================================================================