CVE-2021-29990

8.8 HIGH

📋 TL;DR

CVE-2021-29990 is a memory corruption vulnerability in Mozilla Firefox that could allow an attacker to execute arbitrary code on an affected system. It affects Firefox versions before 91; users who have not updated their browser remain exposed until they do.

💻 Affected Systems

Products:
  • Mozilla Firefox
Versions: All versions < 91
Operating Systems: Windows, Linux, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations of affected Firefox versions are vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete system compromise, data theft, or ransomware deployment.

🟠 Likely Case: Browser crash or instability, with potential for limited code execution in the browser context.

🟢 If Mitigated: No impact if Firefox is updated to version 91 or later.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: HIGH

Memory corruption bugs require sophisticated exploitation but could be chained with other vulnerabilities.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firefox 91 and later

Vendor Advisory: https://www.mozilla.org/security/advisories/mfsa2021-33/

Restart Required: Yes

Instructions:

1. Open Firefox.
2. Click the menu button (three horizontal lines).
3. Select Help > About Firefox.
4. Firefox checks for updates and installs Firefox 91 or later.
5. Restart Firefox when prompted.

🔧 Temporary Workarounds

Disable JavaScript (all platforms)

Temporarily disable JavaScript to reduce the attack surface while patching. This lowers exposure but does not guarantee the bug is unreachable, and it breaks most modern websites, so treat it as a short-term measure only.

about:config -> javascript.enabled = false

🧯 If You Can't Patch

  • Use alternative browser until Firefox can be updated
  • Implement network filtering to block malicious websites

🔍 How to Verify

Check if Vulnerable:

Check the Firefox version in the About Firefox dialog (Help > About Firefox). If the version is lower than 91, the installation is vulnerable.

Check Version:

firefox --version

Verify Fix Applied:

Confirm Firefox version is 91 or higher in About Firefox dialog.
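As an added example (not part of this advisory card), a POSIX shell check that parses the output of `firefox --version` and compares the major version against the fixed release, 91, stated above; the function names and the `FIXED_MAJOR` constant are my own, and the sample version strings in the comments are constructed.

```shell
#!/bin/sh
# Added example: decide whether a Firefox build is at or above the fixed
# release (91, taken from the advisory card) from a `firefox --version` line.
FIXED_MAJOR=91

# firefox_major_from_version_string "Mozilla Firefox 91.0.2" -> 91
# Takes the last space-separated word, keeps the part before the first dot,
# and strips any non-digit suffix so odd build tags do not break the compare.
firefox_major_from_version_string() {
    v=${1##* }
    printf '%s' "${v%%.*}" | tr -cd '0-9'
}

# Returns 0 (true) when the version string is at or above FIXED_MAJOR,
# 1 otherwise (including unparsable or empty input, which is treated as
# "not known to be fixed").
firefox_is_patched() {
    major=$(firefox_major_from_version_string "$1")
    [ -n "$major" ] && [ "$major" -ge "$FIXED_MAJOR" ]
}

# Run the check against the binary on PATH; exit 0 patched, 1 vulnerable,
# 2 when Firefox is not installed here.
check_installed_firefox() {
    if ! command -v firefox >/dev/null 2>&1; then
        echo "firefox not found on PATH"
        return 2
    fi
    ver=$(firefox --version 2>/dev/null)
    if firefox_is_patched "$ver"; then
        echo "OK: $ver (major >= $FIXED_MAJOR)"
        return 0
    fi
    echo "VULNERABLE: $ver (major < $FIXED_MAJOR); update to Firefox $FIXED_MAJOR or later"
    return 1
}
```

Call `check_installed_firefox` from an inventory script and act on its exit code; the constructed string "Mozilla Firefox 90.0.2" reports vulnerable and "Mozilla Firefox 91.0" reports OK.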

📡 Detection & Monitoring

Log Indicators:

  • Firefox crash reports
  • Unexpected process termination

Network Indicators:

  • Suspicious website visits preceding crashes

SIEM Query:

source="firefox.log" AND ("crash" OR "segfault")

The source name above is a placeholder; point it at wherever your endpoint agent collects Firefox crash data (for example, the Windows Application event log or the Linux system journal).
