CVE-2021-38496

Summary

During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.15, Thunderbird < 91.2, Firefox ESR < 91.2, Firefox ESR < 78.15, and Firefox < 93.

Affected Software

VendorProductVersion RangeStatus
MozillaThunderbirdunspecified < 78.15affected
MozillaThunderbirdunspecified < 91.2affected
MozillaFirefox ESRunspecified < 91.2affected
MozillaFirefox ESRunspecified < 78.15affected
MozillaFirefoxunspecified < 93affected

Weaknesses

  • Use-after-free in MessageTask

ADP Enrichment

CVE Program Container

Additional References

References