UBUNTU-CVE-2021-29955

Source
https://ubuntu.com/security/CVE-2021-29955
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2021/UBUNTU-CVE-2021-29955.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2021-29955
Related
Published
2021-06-24T14:15:00Z
Modified
2021-06-24T14:15:00Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

A transient execution vulnerability, named Floating Point Value Injection (FPVI) allowed an attacker to leak arbitrary memory addresses and may have also enabled JIT type confusion attacks. (A related vulnerability, Speculative Code Store Bypass (SCSB), did not affect Firefox.). This vulnerability affects Firefox ESR < 78.9 and Firefox < 87.

References

Affected packages

Ubuntu:Pro:18.04:LTS / mozjs52

Package

Name
mozjs52
Purl
pkg:deb/ubuntu/mozjs52?arch=src?distro=esm-infra/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

52.*

52.3.1-0ubuntu3
52.3.1-7fakesync1
52.8.1-0ubuntu0.18.04.1
52.9.1-0ubuntu0.18.04.1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / mozjs38

Package

Name
mozjs38
Purl
pkg:deb/ubuntu/mozjs38?arch=src?distro=esm-apps/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

38.*

38.8.0~repack1-0ubuntu1
38.8.0~repack1-0ubuntu3
38.8.0~repack1-0ubuntu4

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / mozjs52

Package

Name
mozjs52
Purl
pkg:deb/ubuntu/mozjs52?arch=src?distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

52.*

52.9.1-1build1
52.9.1-1ubuntu3

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / mozjs68

Package

Name
mozjs68
Purl
pkg:deb/ubuntu/mozjs68?arch=src?distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

68.*

68.5.0-1~fakesync
68.5.0-2~fakesync
68.6.0-1
68.6.0-1ubuntu1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / mozjs78

Package

Name
mozjs78
Purl
pkg:deb/ubuntu/mozjs78?arch=src?distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

78.*

78.13.0-1
78.15.0-2
78.15.0-4ubuntu1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}