CVE-2021-29951
Publication date 24 June 2021
Last updated 24 July 2024
Ubuntu priority
Cvss 3 Severity Score
The Mozilla Maintenance Service granted SERVICE_START access to BUILTIN|Users which, in a domain network, grants normal remote users access to start or stop the service. This could be used to prevent the browser update service from operating (if an attacker spammed the 'Stop' command); but also exposed attack surface in the maintenance service. *Note: This issue only affected Windows operating systems older than Win 10 build 1709. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 78.10.1, Firefox < 87, and Firefox ESR < 78.10.1.
Status
Package | Ubuntu Release | Status |
---|---|---|
firefox | ||
20.04 LTS focal |
Not affected
|
|
18.04 LTS bionic |
Not affected
|
|
16.04 LTS xenial | Ignored | |
14.04 LTS trusty | Not in release | |
firefox-esr | ||
20.04 LTS focal | Not in release | |
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Ignored | |
14.04 LTS trusty | Not in release | |
thunderbird | ||
20.04 LTS focal |
Not affected
|
|
18.04 LTS bionic |
Not affected
|
|
16.04 LTS xenial | Ignored | |
14.04 LTS trusty | Not in release |
Notes
Severity score breakdown
Parameter | Value |
---|---|
Base score | 6.5 · Medium |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | Low |
Integrity impact | Low |
Availability impact | None |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |