CVE-2021-29964

Summary

A locally-installed hostile program could send WM_COPYDATA messages that Firefox would process incorrectly, leading to an out-of-bounds read. This bug only affects Firefox on Windows. Other operating systems are unaffected.. This vulnerability affects Thunderbird < 78.11, Firefox < 89, and Firefox ESR < 78.11.

Affected Software

VendorProductVersion RangeStatus
MozillaThunderbirdunspecified < 78.11affected
MozillaFirefoxunspecified < 89affected
MozillaFirefox ESRunspecified < 78.11affected

Weaknesses

  • Out of bounds-read when parsing a WM_COPYDATA message

ADP Enrichment

CVE Program Container

Additional References

References