CVE-2021-29968

8.1 HIGH

📋 TL;DR

This vulnerability allows an attacker to read memory outside the bounds of a canvas buffer when Firefox renders text with WebRender disabled, potentially leaking sensitive information. It only affects Firefox versions below 89.0.1 running on Windows operating systems. Other browsers and operating systems are not impacted.

💻 Affected Systems

Products:
  • Mozilla Firefox
Versions: All versions < 89.0.1
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Firefox with WebRender disabled (though WebRender is enabled by default in most configurations).

⚠️ Risk & Real-World Impact

🔴 Worst Case

Arbitrary memory read leading to information disclosure, potentially exposing sensitive data like passwords, session tokens, or other application memory contents.

🟠 Likely Case

Limited information disclosure from browser memory, possibly revealing fragments of user data or browser state.

🟢 If Mitigated

No impact if Firefox is patched to version 89.0.1 or higher, or if running on non-Windows systems.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires user interaction (visiting malicious website) but no authentication. The specific memory read patterns would need to be crafted by an attacker.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 89.0.1

Vendor Advisory: https://www.mozilla.org/security/advisories/mfsa2021-27/

Restart Required: Yes

Instructions:

1. Open Firefox.
2. Click menu → Help → About Firefox.
3. Firefox will automatically check for and download updates.
4. Restart Firefox when prompted.

🔧 Temporary Workarounds

Enable WebRender (Windows)

Force-enable the WebRender rendering engine, which is not vulnerable to this issue.

Set 'gfx.webrender.all' to true in about:config

Disable JavaScript (all platforms)

Prevent malicious JavaScript from exploiting the canvas rendering vulnerability.

Set 'javascript.enabled' to false in about:config

🧯 If You Can't Patch

  • Switch to an alternative browser on Windows systems
  • Implement network filtering to block access to untrusted websites

🔍 How to Verify

Check if Vulnerable:

Check Firefox version and operating system: version < 89.0.1 on Windows indicates vulnerability

Check Version:

firefox --version

Verify Fix Applied:

Verify Firefox version is 89.0.1 or higher via Help → About Firefox
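
The verification steps above can be applied across an inventory. The following is an added example, not part of the original page or of any Mozilla tooling: it applies this page's criteria (Windows, version below 89.0.1) to `firefox --version` output and looks for the two about:config workarounds in a profile's prefs.js. The status labels, host names and sample records are constructed; a missing `gfx.webrender.all` entry is reported as no workaround because it does not show whether WebRender is active.

```python
import re

FIXED = (89, 0, 1)  # patch version stated on this page
VERSION_RE = re.compile(r"Mozilla Firefox (\d+(?:\.\d+)*)")
PREF_RE = re.compile(r'^user_pref\("([^"]+)",\s*(true|false)\);', re.M)

def parse_version(output):
    """Turn `firefox --version` output into a 3-part tuple, or None."""
    m = VERSION_RE.search(output)
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple((parts + [0, 0])[:3])  # "89.0" -> (89, 0, 0)

def bool_prefs(prefs_js):
    """Boolean user_pref() entries found in a prefs.js file body."""
    return {name: value == "true" for name, value in PREF_RE.findall(prefs_js)}

def triage(os_name, version_output, prefs_js=""):
    """Classify one install using the criteria on this page (labels are constructed)."""
    version = parse_version(version_output)
    if version is None:
        return "unknown-version"
    if os_name.lower() != "windows" or version >= FIXED:
        return "not-affected"
    prefs = bool_prefs(prefs_js)
    # Workarounds listed on this page, checked in the order the page gives them.
    if prefs.get("gfx.webrender.all") is True:
        return "affected-version-webrender-forced"
    if prefs.get("javascript.enabled") is False:
        return "affected-version-javascript-disabled"
    return "affected-version-no-workaround"

# Constructed sample inventory: (host, OS, version output, prefs.js body)
SAMPLE = [
    ("ws-01", "Windows", "Mozilla Firefox 88.0.1", ""),
    ("ws-02", "Windows", "Mozilla Firefox 89.0",
     'user_pref("gfx.webrender.all", true);\n'),
    ("ws-03", "Windows", "Mozilla Firefox 89.0.1", ""),
    ("lx-01", "Linux", "Mozilla Firefox 88.0", ""),
]

if __name__ == "__main__":
    for host, os_name, out, prefs in SAMPLE:
        print(host, triage(os_name, out, prefs))
```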

📡 Detection & Monitoring

Log Indicators:

  • Unusual memory access patterns in browser crash reports
  • Multiple canvas rendering errors in browser console

Network Indicators:

  • Requests to websites with complex canvas rendering scripts
  • Unusual data exfiltration patterns from browser processes

SIEM Query:

source="firefox" AND (event_type="crash" OR message="*canvas*" OR message="*out of bounds*")
