CVE-2021-38493

8.8 HIGH

📋 TL;DR

This CVE describes memory safety bugs in Mozilla Firefox and Thunderbird that could lead to memory corruption. With sufficient effort, attackers could exploit these vulnerabilities to execute arbitrary code on affected systems. Users running Firefox ESR versions below 78.14, Thunderbird below 78.14, or Firefox below 92 are vulnerable.

💻 Affected Systems

Products:
  • Firefox ESR
  • Thunderbird
  • Firefox
Versions: Firefox ESR < 78.14, Thunderbird < 78.14, Firefox < 92
Operating Systems: All platforms supported by affected browsers
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations of affected versions are vulnerable. No special configuration required for exploitation.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to complete system compromise, data theft, or ransomware deployment.

🟠 Likely Case

Browser crashes or instability, with potential for limited code execution in sandboxed environments.

🟢 If Mitigated

Minimal impact if browsers are fully patched and running with security controls like sandboxing enabled.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: HIGH

Exploitation requires significant effort due to memory corruption bugs, but could be achieved through malicious web content without user authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firefox ESR 78.14+, Thunderbird 78.14+, Firefox 92+

Vendor Advisory: https://www.mozilla.org/security/advisories/mfsa2021-38/

Restart Required: Yes

Instructions:

1. Open affected browser.
2. Go to Settings > Help > About Firefox/Thunderbird.
3. Allow automatic update to latest version.
4. Restart browser when prompted.

🔧 Temporary Workarounds

Disable JavaScript (applies to: all platforms)

Temporarily reduces attack surface by disabling JavaScript execution in the browser. This is a stop-gap only: it removes the most common way malicious web content reaches the affected code paths, but it does not fix the underlying memory safety bugs and it breaks most modern websites, so apply the vendor patch as soon as possible.

about:config > javascript.enabled = false

🧯 If You Can't Patch

  • Restrict browser usage to trusted websites only
  • Implement network segmentation to isolate vulnerable browsers from critical systems

🔍 How to Verify

Check if Vulnerable:

Check the browser version in the About dialog: Firefox ESR below 78.14, Thunderbird below 78.14, or Firefox below 92 is vulnerable; a version at or above the corresponding fixed release is patched.

Check Version:

firefox --version
thunderbird --version

Verify Fix Applied:

Confirm version number matches patched versions after update and restart.
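The version check above can be scripted so the same rule (ESR below 78.14, Thunderbird below 78.14, Firefox below 92) is applied consistently across a fleet. The following POSIX shell helper is an added example written for this page, not Mozilla tooling; it assumes the product's `--version` output contains the product name and a dotted version, with ESR builds carrying an `esr` suffix (e.g. `Mozilla Firefox 78.13.0esr`), and the sample version strings in the comments are constructed for illustration.

```shell
#!/bin/sh
# Added example for CVE-2021-38493 (not Mozilla tooling): classify a
# "--version" line as vulnerable or patched using the fixed versions on this
# page: Firefox ESR 78.14, Thunderbird 78.14, Firefox 92.
# Assumption: "--version" prints the product name plus a dotted version, and
# ESR builds end the version with "esr" (e.g. "Mozilla Firefox 78.13.0esr").

# cve_2021_38493_status "<one line of --version output>"
# Prints "vulnerable", "patched" or "unknown"; always exits 0 so it is safe
# to call under set -e.
cve_2021_38493_status() {
  line=$1
  # Pick the fixed version from the product named in the string. ESR builds
  # must be tested before the generic Firefox branch.
  case "$line" in
    *Thunderbird*)   fixed=78.14 ;;
    *esr*|*ESR*)     fixed=78.14 ;;
    *Firefox*)       fixed=92.0  ;;
    *)               echo unknown; return 0 ;;
  esac
  # Extract the first "major.minor" pair from the string (constructed
  # sample: "Mozilla Firefox 78.13.0esr" yields "78.13").
  ver=$(printf '%s\n' "$line" | sed -n 's/.*[^0-9.]\([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p')
  if [ -z "$ver" ]; then
    echo unknown; return 0
  fi
  vmaj=${ver%%.*}; vmin=${ver#*.}
  fmaj=${fixed%%.*}; fmin=${fixed#*.}
  # Numeric comparison: 78.9 < 78.14 and 100.0 > 92.0, which a plain string
  # comparison (as in many SIEM queries) would get wrong.
  if [ "$vmaj" -lt "$fmaj" ] || { [ "$vmaj" -eq "$fmaj" ] && [ "$vmin" -lt "$fmin" ]; }; then
    echo vulnerable
  else
    echo patched
  fi
  return 0
}

# Run against whichever of the two binaries is installed on this host.
for bin in firefox thunderbird; do
  if command -v "$bin" >/dev/null 2>&1; then
    printf '%s: %s\n' "$bin" "$(cve_2021_38493_status "$("$bin" --version 2>/dev/null)")"
  fi
done
```

The helper compares major and minor components numerically rather than as strings, which matters once version numbers pass two digits and for telling a patched ESR 78.14 apart from a vulnerable ESR 78.13.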

📡 Detection & Monitoring

Log Indicators:

  • Browser crash reports with memory access violations
  • Unexpected browser process termination

Network Indicators:

  • Unusual outbound connections from browser processes
  • Traffic to known malicious domains

SIEM Query:

source="browser_logs" AND (event="crash" OR event="memory_error") AND version<"92"

This query is illustrative pseudo-syntax, not a query for a specific SIEM. Note that a single string comparison against "92" does not implement the fixed-version rule on this page: a patched Firefox ESR 78.14 also sorts below "92", and string ordering fails once version numbers exceed two digits. Adapt it to compare the version field numerically and to apply the 78.14 threshold to ESR and Thunderbird separately from the 92 threshold for Firefox.

🔗 References
