CVE-2021-23954

Summary

Using the new logical assignment operators in a JavaScript switch statement could have caused a type confusion, leading to a memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefox< 85affected
MozillaThunderbird< 78.7affected
MozillaFirefox ESR< 78.7affected

Weaknesses

  • Type confusion when using logical assignment operators in JavaScript switch statements

ADP Enrichment

CVE Program Container

Additional References

References