CVE-2021-23995

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2021-23995

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-23995.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2021-23995

Downstream

DEBIAN-CVE-2021-23995

DLA-2632-1

DLA-2633-1

DSA-4895-1

DSA-4897-1

OESA-2023-1673

OESA-2023-1674

RHSA-2021:1350

RHSA-2021:1351

RHSA-2021:1352

RHSA-2021:1353

RHSA-2021:1360

RHSA-2021:1361

RHSA-2021:1362

RHSA-2021:1363

SUSE-SU-2021:1307-1

SUSE-SU-2021:1325-1

SUSE-SU-2021:1432-1

SUSE-SU-2021:1433-1

SUSE-SU-2021:14708-1

UBUNTU-CVE-2021-23995

USN-4926-1

USN-4995-1

USN-4995-2

openSUSE-SU-2021:0621-1

openSUSE-SU-2021:0644-1

openSUSE-SU-2024:10600-1

openSUSE-SU-2024:10601-1

openSUSE-SU-2024:14572-1

Related

Withdrawn

2026-01-27T04:17:35.648964Z

Published

2021-06-24T14:15:09Z

Modified

2026-01-27T04:17:35.648964Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

When Responsive Design Mode was enabled, it used references to objects that were previously freed. We presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.

References

Affected packages