Login Sign Up

CVE-2021-23987

8.8 HIGH
Remote Code Execution

📋 TL;DR

This CVE describes memory safety bugs in Firefox and Thunderbird that could lead to memory corruption. With sufficient effort, attackers could exploit these vulnerabilities to execute arbitrary code on affected systems. Users of Firefox ESR before 78.9, Firefox before 87, and Thunderbird before 78.9 are vulnerable.

💻 Affected Systems

Products:
  • Mozilla Firefox
  • Mozilla Firefox ESR
  • Mozilla Thunderbird
Versions: Firefox ESR < 78.9, Firefox < 87, Thunderbird < 78.9
Operating Systems: All platforms supported by affected software
Default Config Vulnerable: ⚠️ Yes
Notes: All standard installations are vulnerable; no special configuration required.

📦 What is this software?

Firefox by Mozilla

View all CVEs affecting Firefox →

Firefox Esr by Mozilla

View all CVEs affecting Firefox Esr →

Thunderbird by Mozilla

View all CVEs affecting Thunderbird →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete system compromise, data theft, or ransomware deployment.

🟠

Likely Case

Browser/application crash (denial of service) with potential for limited code execution in sandboxed context.

🟢

If Mitigated

No impact if patched; limited impact if browser sandboxing contains exploitation.

🌐 Internet-Facing: HIGH - Web browsers are inherently internet-facing and process untrusted content.
🏢 Internal Only: MEDIUM - Internal users could be targeted via malicious internal websites or documents.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: HIGH

Memory corruption bugs require sophisticated exploitation techniques but could be chained with other vulnerabilities.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firefox ESR 78.9+, Firefox 87+, Thunderbird 78.9+

Vendor Advisory: https://www.mozilla.org/security/advisories/mfsa2021-10/

Restart Required: Yes

Instructions:

1. Open Firefox/Thunderbird. 2. Click menu → Help → About Firefox/Thunderbird. 3. Allow automatic update download and installation. 4. Restart when prompted.

🔧 Temporary Workarounds

Disable JavaScript

all

Reduces attack surface by disabling JavaScript execution, though this breaks most websites.

about:config → javascript.enabled = false

Use Content Security Policy

all

Implement CSP headers to restrict script execution from untrusted sources.

🧯 If You Can't Patch

  • Restrict browser usage to trusted websites only
  • Implement application whitelisting to prevent execution of malicious payloads

🔍 How to Verify

Check if Vulnerable:

Check browser version in About dialog; if Firefox < 87, Firefox ESR < 78.9, or Thunderbird < 78.9, system is vulnerable.

Check Version:

firefox --version || thunderbird --version

Verify Fix Applied:

Confirm version is Firefox ESR ≥ 78.9, Firefox ≥ 87, or Thunderbird ≥ 78.9.

📡 Detection & Monitoring

Log Indicators:

  • Browser crash reports with memory access violations
  • Unexpected process termination

Network Indicators:

  • Unusual outbound connections from browser processes
  • Traffic to known exploit hosting domains

SIEM Query:

process_name IN ('firefox.exe', 'thunderbird.exe') AND event_id = 1000 (Application Error)

📊 Metadata

CVE ID: CVE-2021-23987
CVSS v3 Score: 8.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE: CWE-787
Published: March 31, 2021
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-23987, you might also want to check these:

CVE-2022-43604 10.0

CVE-2022-43604 is a critical out-of-bounds write vulnerability in the OpENer EtherNet/IP stack that ...

Same vulnerability type (CWE-787)
CVE-2025-24201 10.0

This critical vulnerability allows malicious web content to break out of the Web Content sandbox via...

Same vulnerability type (CWE-787)
CVE-2020-14871 10.0

This is a critical buffer overflow vulnerability (CWE-787) in Oracle Solaris's Pluggable Authenticat...

Same vulnerability type (CWE-787)