VulnerableCode Package Details - pkg:alpm/archlinux/firefox@89.0-1

Search for packages

Vulnerability	Summary	Fixed by
VCID-q36w-4vxw-aaab Aliases: CVE-2021-29968	When drawing text onto a canvas with WebRender disabled, an out of bounds read could occur. This bug only affects Firefox on Windows. Other operating systems are unaffected.. This vulnerability affects Firefox < 89.0.1.	89.0.1-1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-q36w-4vxw-aaab
Aliases:
CVE-2021-29968

When drawing text onto a canvas with WebRender disabled, an out of bounds read could occur. *This bug only affects Firefox on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 89.0.1.

89.0.1-1
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-3mtv-y9yn-aaad	Mozilla developers reported memory safety bugs present in Firefox 88. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 89.	CVE-2021-29966
VCID-5293-nuea-aaad	Address bar search suggestions in private browsing mode were re-using session data from normal mode. This bug only affects Firefox for Android. Other operating systems are unaffected.. This vulnerability affects Firefox < 89.	CVE-2021-29963
VCID-7k21-adjy-aaap	Mozilla developers reported memory safety bugs present in Firefox 88 and Firefox ESR 78.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.11, Firefox < 89, and Firefox ESR < 78.11.	CVE-2021-29967
VCID-8gdb-ewcx-aaab	When a user has already allowed a website to access microphone and camera, disabling camera sharing would not fully prevent the website from re-enabling it without an additional prompt. This was only possible if the website kept recording with the microphone until re-enabling the camera. This vulnerability affects Firefox < 89.	CVE-2021-29959
VCID-azyp-xzh7-aaam	A locally-installed hostile program could send `WM_COPYDATA` messages that Firefox would process incorrectly, leading to an out-of-bounds read. This bug only affects Firefox on Windows. Other operating systems are unaffected.. This vulnerability affects Thunderbird < 78.11, Firefox < 89, and Firefox ESR < 78.11.	CVE-2021-29964
VCID-b99r-nem8-aaac	Firefox used to cache the last filename used for printing a file. When generating a filename for printing, Firefox usually suggests the web page title. The caching and suggestion techniques combined may have lead to the title of a website visited during private browsing mode being stored on disk. This vulnerability affects Firefox < 89.	CVE-2021-29960
VCID-fe84-n6d1-aaar	When styling and rendering an oversized `<select>` element, Firefox did not apply correct clipping which allowed an attacker to paint over the user interface. This vulnerability affects Firefox < 89.	CVE-2021-29961
VCID-jh8t-7kyt-aaag	A malicious website that causes an HTTP Authentication dialog to be spawned could trick the built-in password manager to suggest passwords for the currently active website instead of the website that triggered the dialog. This bug only affects Firefox for Android. Other operating systems are unaffected.. This vulnerability affects Firefox < 89.	CVE-2021-29965
VCID-vy2j-921u-aaae	Firefox for Android would become unstable and hard-to-recover when a website opened too many popups. This bug only affects Firefox for Android. Other operating systems are unaffected.. This vulnerability affects Firefox < 89.	CVE-2021-29962

Vulnerability

Summary

Aliases

VCID-3mtv-y9yn-aaad

Mozilla developers reported memory safety bugs present in Firefox 88. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 89.

CVE-2021-29966

VCID-5293-nuea-aaad

Address bar search suggestions in private browsing mode were re-using session data from normal mode. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 89.

CVE-2021-29963

VCID-7k21-adjy-aaap

Mozilla developers reported memory safety bugs present in Firefox 88 and Firefox ESR 78.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.11, Firefox < 89, and Firefox ESR < 78.11.

CVE-2021-29967

VCID-8gdb-ewcx-aaab

When a user has already allowed a website to access microphone and camera, disabling camera sharing would not fully prevent the website from re-enabling it without an additional prompt. This was only possible if the website kept recording with the microphone until re-enabling the camera. This vulnerability affects Firefox < 89.

CVE-2021-29959

VCID-azyp-xzh7-aaam

A locally-installed hostile program could send `WM_COPYDATA` messages that Firefox would process incorrectly, leading to an out-of-bounds read. *This bug only affects Firefox on Windows. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 78.11, Firefox < 89, and Firefox ESR < 78.11.

CVE-2021-29964

VCID-b99r-nem8-aaac

Firefox used to cache the last filename used for printing a file. When generating a filename for printing, Firefox usually suggests the web page title. The caching and suggestion techniques combined may have lead to the title of a website visited during private browsing mode being stored on disk. This vulnerability affects Firefox < 89.

CVE-2021-29960

VCID-fe84-n6d1-aaar

When styling and rendering an oversized `<select>` element, Firefox did not apply correct clipping which allowed an attacker to paint over the user interface. This vulnerability affects Firefox < 89.

CVE-2021-29961

VCID-jh8t-7kyt-aaag

A malicious website that causes an HTTP Authentication dialog to be spawned could trick the built-in password manager to suggest passwords for the currently active website instead of the website that triggered the dialog. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 89.

CVE-2021-29965

VCID-vy2j-921u-aaae

Firefox for Android would become unstable and hard-to-recover when a website opened too many popups. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 89.

CVE-2021-29962

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-03-28T07:46:33.729452+00:00	Arch Linux Importer	Affected by	VCID-q36w-4vxw-aaab	https://security.archlinux.org/AVG-2074	36.0.0
2025-03-28T07:45:36.438521+00:00	Arch Linux Importer	Fixing	VCID-8gdb-ewcx-aaab	https://security.archlinux.org/AVG-2018	36.0.0
2025-03-28T07:45:36.419430+00:00	Arch Linux Importer	Fixing	VCID-b99r-nem8-aaac	https://security.archlinux.org/AVG-2018	36.0.0
2025-03-28T07:45:36.400384+00:00	Arch Linux Importer	Fixing	VCID-fe84-n6d1-aaar	https://security.archlinux.org/AVG-2018	36.0.0
2025-03-28T07:45:36.381355+00:00	Arch Linux Importer	Fixing	VCID-3mtv-y9yn-aaad	https://security.archlinux.org/AVG-2018	36.0.0
2025-03-28T07:45:36.362172+00:00	Arch Linux Importer	Fixing	VCID-7k21-adjy-aaap	https://security.archlinux.org/AVG-2018	36.0.0
2025-03-28T07:45:36.342281+00:00	Arch Linux Importer	Fixing	VCID-vy2j-921u-aaae	https://security.archlinux.org/AVG-2019	36.0.0
2025-03-28T07:45:36.325154+00:00	Arch Linux Importer	Fixing	VCID-5293-nuea-aaad	https://security.archlinux.org/AVG-2019	36.0.0
2025-03-28T07:45:36.307998+00:00	Arch Linux Importer	Fixing	VCID-azyp-xzh7-aaam	https://security.archlinux.org/AVG-2019	36.0.0
2025-03-28T07:45:36.290741+00:00	Arch Linux Importer	Fixing	VCID-jh8t-7kyt-aaag	https://security.archlinux.org/AVG-2019	36.0.0
2024-09-18T02:01:52.202838+00:00	Arch Linux Importer	Affected by	VCID-q36w-4vxw-aaab	https://security.archlinux.org/AVG-2074	34.0.1
2024-09-18T02:00:34.691881+00:00	Arch Linux Importer	Fixing	VCID-8gdb-ewcx-aaab	https://security.archlinux.org/AVG-2018	34.0.1
2024-09-18T02:00:34.667141+00:00	Arch Linux Importer	Fixing	VCID-b99r-nem8-aaac	https://security.archlinux.org/AVG-2018	34.0.1
2024-09-18T02:00:34.645706+00:00	Arch Linux Importer	Fixing	VCID-fe84-n6d1-aaar	https://security.archlinux.org/AVG-2018	34.0.1
2024-09-18T02:00:34.623809+00:00	Arch Linux Importer	Fixing	VCID-3mtv-y9yn-aaad	https://security.archlinux.org/AVG-2018	34.0.1
2024-09-18T02:00:34.597228+00:00	Arch Linux Importer	Fixing	VCID-7k21-adjy-aaap	https://security.archlinux.org/AVG-2018	34.0.1
2024-09-18T02:00:34.570741+00:00	Arch Linux Importer	Fixing	VCID-vy2j-921u-aaae	https://security.archlinux.org/AVG-2019	34.0.1
2024-09-18T02:00:34.548550+00:00	Arch Linux Importer	Fixing	VCID-5293-nuea-aaad	https://security.archlinux.org/AVG-2019	34.0.1
2024-09-18T02:00:34.526413+00:00	Arch Linux Importer	Fixing	VCID-azyp-xzh7-aaam	https://security.archlinux.org/AVG-2019	34.0.1
2024-09-18T02:00:34.503592+00:00	Arch Linux Importer	Fixing	VCID-jh8t-7kyt-aaag	https://security.archlinux.org/AVG-2019	34.0.1
2024-01-20T12:06:29.145477+00:00	Arch Linux Importer	Fixing	VCID-8gdb-ewcx-aaab	https://security.archlinux.org/AVG-2018	34.0.0rc2
2024-01-20T12:06:29.123413+00:00	Arch Linux Importer	Fixing	VCID-b99r-nem8-aaac	https://security.archlinux.org/AVG-2018	34.0.0rc2
2024-01-20T12:06:29.101355+00:00	Arch Linux Importer	Fixing	VCID-fe84-n6d1-aaar	https://security.archlinux.org/AVG-2018	34.0.0rc2
2024-01-20T12:06:29.079367+00:00	Arch Linux Importer	Fixing	VCID-3mtv-y9yn-aaad	https://security.archlinux.org/AVG-2018	34.0.0rc2
2024-01-20T12:06:29.057267+00:00	Arch Linux Importer	Fixing	VCID-7k21-adjy-aaap	https://security.archlinux.org/AVG-2018	34.0.0rc2
2024-01-03T22:27:56.856823+00:00	Arch Linux Importer	Affected by	VCID-q36w-4vxw-aaab	https://security.archlinux.org/AVG-2074	34.0.0rc1
2024-01-03T22:26:51.325483+00:00	Arch Linux Importer	Fixing	VCID-8gdb-ewcx-aaab	https://security.archlinux.org/AVG-2018	34.0.0rc1
2024-01-03T22:26:51.299247+00:00	Arch Linux Importer	Fixing	VCID-b99r-nem8-aaac	https://security.archlinux.org/AVG-2018	34.0.0rc1
2024-01-03T22:26:51.275297+00:00	Arch Linux Importer	Fixing	VCID-fe84-n6d1-aaar	https://security.archlinux.org/AVG-2018	34.0.0rc1
2024-01-03T22:26:51.249275+00:00	Arch Linux Importer	Fixing	VCID-3mtv-y9yn-aaad	https://security.archlinux.org/AVG-2018	34.0.0rc1
2024-01-03T22:26:51.223076+00:00	Arch Linux Importer	Fixing	VCID-7k21-adjy-aaap	https://security.archlinux.org/AVG-2018	34.0.0rc1
2024-01-03T22:26:51.197026+00:00	Arch Linux Importer	Fixing	VCID-vy2j-921u-aaae	https://security.archlinux.org/AVG-2019	34.0.0rc1
2024-01-03T22:26:51.175217+00:00	Arch Linux Importer	Fixing	VCID-5293-nuea-aaad	https://security.archlinux.org/AVG-2019	34.0.0rc1
2024-01-03T22:26:51.151265+00:00	Arch Linux Importer	Fixing	VCID-azyp-xzh7-aaam	https://security.archlinux.org/AVG-2019	34.0.0rc1
2024-01-03T22:26:51.131601+00:00	Arch Linux Importer	Fixing	VCID-jh8t-7kyt-aaag	https://security.archlinux.org/AVG-2019	34.0.0rc1

2025-03-28T07:46:33.729452+00:00

Arch Linux Importer

Affected by

VCID-q36w-4vxw-aaab

https://security.archlinux.org/AVG-2074

36.0.0

2025-03-28T07:45:36.438521+00:00

Arch Linux Importer

Fixing

Next non-vulnerable version	89.0.1-1
Latest non-vulnerable version	101.0-1
Risk	3.6