#CVE-2021-32810: Data race in crossbeam-deque Reporter Maor Kleinberger Impact moderate Description #CVE-2021-38498: Use-after-free of nsLanguageAtomService object Reporter Yangkang of 360 ATA Team Impact moderate Descriptionĭuring process shutdown, a document could have caused a use-after-free of a languages service object, leading to memory corruption and a potentially exploitable crash. Through use of reportValidity() and window.open(), a plain-text validation message could have been overlaid on another origin, leading to possible user confusion and spoofing attacks. #CVE-2021-38497: Validation message could have been overlaid on another origin Reporter Irvan Kurniawan Impact moderate Description #CVE-2021-38496: Use-after-free in MessageTask Reporter Yangkang of 360 ATA Team Impact high Descriptionĭuring operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in memory corruption and a potentially exploitable crash. Mozilla Foundation Security Advisory 2021-43 Security Vulnerabilities fixed in Firefox 93 Announced OctoImpact high Products Firefox Fixed in
