VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-pnme-8qav-aaaq

Essentials
Severities (109)
References (26)
Severity details (16)
Exploits (0)
EPSS
History (0)

Vulnerability ID	VCID-pnme-8qav-aaaq
Aliases	CVE-2021-4127
Summary	An out of date graphics library (Angle) likely contained vulnerabilities that could potentially be exploited. This vulnerability affects Thunderbird < 78.9 and Firefox ESR < 78.9.
Status	Published
Exploitability	0.5
Weighted Severity	8.8
Risk	4.4
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

System	Score	Found at
rhas	Important	https://access.redhat.com/errata/RHSA-2021:0989
rhas	Important	https://access.redhat.com/errata/RHSA-2021:0990
rhas	Important	https://access.redhat.com/errata/RHSA-2021:0991
rhas	Important	https://access.redhat.com/errata/RHSA-2021:0992
rhas	Important	https://access.redhat.com/errata/RHSA-2021:0993
rhas	Important	https://access.redhat.com/errata/RHSA-2021:0994
rhas	Important	https://access.redhat.com/errata/RHSA-2021:0995
rhas	Important	https://access.redhat.com/errata/RHSA-2021:0996
cvssv3	9.8	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-4127.json
epss	0.0024	https://api.first.org/data/v1/epss?cve=CVE-2021-4127
epss	0.0024	https://api.first.org/data/v1/epss?cve=CVE-2021-4127
epss	0.0024	https://api.first.org/data/v1/epss?cve=CVE-2021-4127
epss	0.0024	https://api.first.org/data/v1/epss?cve=CVE-2021-4127
epss	0.0024	https://api.first.org/data/v1/epss?cve=CVE-2021-4127
epss	0.0024	https://api.first.org/data/v1/epss?cve=CVE-2021-4127
epss	0.0024	https://api.first.org/data/v1/epss?cve=CVE-2021-4127
epss	0.0024	https://api.first.org/data/v1/epss?cve=CVE-2021-4127
epss	0.0024	https://api.first.org/data/v1/epss?cve=CVE-2021-4127
epss	0.0024	https://api.first.org/data/v1/epss?cve=CVE-2021-4127
epss	0.0024	https://api.first.org/data/v1/epss?cve=CVE-2021-4127
epss	0.0024	https://api.first.org/data/v1/epss?cve=CVE-2021-4127
epss	0.0024	https://api.first.org/data/v1/epss?cve=CVE-2021-4127
epss	0.0024	https://api.first.org/data/v1/epss?cve=CVE-2021-4127
epss	0.0024	https://api.first.org/data/v1/epss?cve=CVE-2021-4127
epss	0.0024	https://api.first.org/data/v1/epss?cve=CVE-2021-4127
epss	0.0024	https://api.first.org/data/v1/epss?cve=CVE-2021-4127
epss	0.0024	https://api.first.org/data/v1/epss?cve=CVE-2021-4127
epss	0.0024	https://api.first.org/data/v1/epss?cve=CVE-2021-4127
epss	0.0024	https://api.first.org/data/v1/epss?cve=CVE-2021-4127
epss	0.0024	https://api.first.org/data/v1/epss?cve=CVE-2021-4127
epss	0.0024	https://api.first.org/data/v1/epss?cve=CVE-2021-4127
epss	0.0024	https://api.first.org/data/v1/epss?cve=CVE-2021-4127
epss	0.0024	https://api.first.org/data/v1/epss?cve=CVE-2021-4127
epss	0.0024	https://api.first.org/data/v1/epss?cve=CVE-2021-4127
epss	0.0024	https://api.first.org/data/v1/epss?cve=CVE-2021-4127
epss	0.0024	https://api.first.org/data/v1/epss?cve=CVE-2021-4127
epss	0.0024	https://api.first.org/data/v1/epss?cve=CVE-2021-4127
epss	0.0024	https://api.first.org/data/v1/epss?cve=CVE-2021-4127
epss	0.0024	https://api.first.org/data/v1/epss?cve=CVE-2021-4127
epss	0.0024	https://api.first.org/data/v1/epss?cve=CVE-2021-4127
epss	0.0024	https://api.first.org/data/v1/epss?cve=CVE-2021-4127
epss	0.0024	https://api.first.org/data/v1/epss?cve=CVE-2021-4127
epss	0.0024	https://api.first.org/data/v1/epss?cve=CVE-2021-4127
epss	0.0024	https://api.first.org/data/v1/epss?cve=CVE-2021-4127
epss	0.0024	https://api.first.org/data/v1/epss?cve=CVE-2021-4127
epss	0.0024	https://api.first.org/data/v1/epss?cve=CVE-2021-4127
epss	0.0024	https://api.first.org/data/v1/epss?cve=CVE-2021-4127
epss	0.0024	https://api.first.org/data/v1/epss?cve=CVE-2021-4127
epss	0.0024	https://api.first.org/data/v1/epss?cve=CVE-2021-4127
epss	0.0024	https://api.first.org/data/v1/epss?cve=CVE-2021-4127
epss	0.0024	https://api.first.org/data/v1/epss?cve=CVE-2021-4127
epss	0.0024	https://api.first.org/data/v1/epss?cve=CVE-2021-4127
epss	0.0024	https://api.first.org/data/v1/epss?cve=CVE-2021-4127
epss	0.0024	https://api.first.org/data/v1/epss?cve=CVE-2021-4127
epss	0.0024	https://api.first.org/data/v1/epss?cve=CVE-2021-4127
epss	0.0024	https://api.first.org/data/v1/epss?cve=CVE-2021-4127
epss	0.0024	https://api.first.org/data/v1/epss?cve=CVE-2021-4127
epss	0.0024	https://api.first.org/data/v1/epss?cve=CVE-2021-4127
epss	0.0024	https://api.first.org/data/v1/epss?cve=CVE-2021-4127
epss	0.0024	https://api.first.org/data/v1/epss?cve=CVE-2021-4127
epss	0.0024	https://api.first.org/data/v1/epss?cve=CVE-2021-4127
epss	0.0024	https://api.first.org/data/v1/epss?cve=CVE-2021-4127
epss	0.0024	https://api.first.org/data/v1/epss?cve=CVE-2021-4127
epss	0.0024	https://api.first.org/data/v1/epss?cve=CVE-2021-4127
epss	0.0024	https://api.first.org/data/v1/epss?cve=CVE-2021-4127
epss	0.0024	https://api.first.org/data/v1/epss?cve=CVE-2021-4127
epss	0.0024	https://api.first.org/data/v1/epss?cve=CVE-2021-4127
epss	0.0024	https://api.first.org/data/v1/epss?cve=CVE-2021-4127
epss	0.0024	https://api.first.org/data/v1/epss?cve=CVE-2021-4127
epss	0.0024	https://api.first.org/data/v1/epss?cve=CVE-2021-4127
epss	0.0024	https://api.first.org/data/v1/epss?cve=CVE-2021-4127
epss	0.0024	https://api.first.org/data/v1/epss?cve=CVE-2021-4127
epss	0.0024	https://api.first.org/data/v1/epss?cve=CVE-2021-4127
epss	0.0024	https://api.first.org/data/v1/epss?cve=CVE-2021-4127
epss	0.0024	https://api.first.org/data/v1/epss?cve=CVE-2021-4127
epss	0.0024	https://api.first.org/data/v1/epss?cve=CVE-2021-4127
epss	0.0024	https://api.first.org/data/v1/epss?cve=CVE-2021-4127
epss	0.00257	https://api.first.org/data/v1/epss?cve=CVE-2021-4127
epss	0.00257	https://api.first.org/data/v1/epss?cve=CVE-2021-4127
epss	0.00257	https://api.first.org/data/v1/epss?cve=CVE-2021-4127
epss	0.00257	https://api.first.org/data/v1/epss?cve=CVE-2021-4127
epss	0.00257	https://api.first.org/data/v1/epss?cve=CVE-2021-4127
epss	0.00257	https://api.first.org/data/v1/epss?cve=CVE-2021-4127
epss	0.00257	https://api.first.org/data/v1/epss?cve=CVE-2021-4127
epss	0.00257	https://api.first.org/data/v1/epss?cve=CVE-2021-4127
epss	0.00257	https://api.first.org/data/v1/epss?cve=CVE-2021-4127
epss	0.00257	https://api.first.org/data/v1/epss?cve=CVE-2021-4127
epss	0.00257	https://api.first.org/data/v1/epss?cve=CVE-2021-4127
epss	0.00257	https://api.first.org/data/v1/epss?cve=CVE-2021-4127
epss	0.00257	https://api.first.org/data/v1/epss?cve=CVE-2021-4127
epss	0.00257	https://api.first.org/data/v1/epss?cve=CVE-2021-4127
epss	0.00257	https://api.first.org/data/v1/epss?cve=CVE-2021-4127
epss	0.00257	https://api.first.org/data/v1/epss?cve=CVE-2021-4127
epss	0.00726	https://api.first.org/data/v1/epss?cve=CVE-2021-4127
cvssv3.1	9.8	https://bugzilla.mozilla.org/show_bug.cgi?id=1691547
ssvc	Track	https://bugzilla.mozilla.org/show_bug.cgi?id=1691547
generic_textual	Medium	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23981
generic_textual	Medium	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23982
generic_textual	Medium	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23984
generic_textual	Medium	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23987
generic_textual	Low	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29950
cvssv3	9.8	https://nvd.nist.gov/vuln/detail/CVE-2021-4127
cvssv3.1	9.8	https://nvd.nist.gov/vuln/detail/CVE-2021-4127
generic_textual	high	https://www.mozilla.org/en-US/security/advisories/mfsa2021-11
generic_textual	high	https://www.mozilla.org/en-US/security/advisories/mfsa2021-12
cvssv3.1	9.8	https://www.mozilla.org/security/advisories/mfsa2021-11/
ssvc	Track	https://www.mozilla.org/security/advisories/mfsa2021-11/
cvssv3.1	9.8	https://www.mozilla.org/security/advisories/mfsa2021-12/
ssvc	Track	https://www.mozilla.org/security/advisories/mfsa2021-12/

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-4127.json
		https://api.first.org/data/v1/epss?cve=CVE-2021-4127
		https://bugzilla.mozilla.org/show_bug.cgi?id=1691547
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23981
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23982
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23984
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23987
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29950
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29955
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4127
		https://www.mozilla.org/security/advisories/mfsa2021-11/
		https://www.mozilla.org/security/advisories/mfsa2021-12/
1942784		https://bugzilla.redhat.com/show_bug.cgi?id=1942784
cpe:2.3:a:mozilla:firefox_esr::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox_esr::::::::
cpe:2.3:a:mozilla:thunderbird::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::
CVE-2021-4127		https://nvd.nist.gov/vuln/detail/CVE-2021-4127
mfsa2021-11		https://www.mozilla.org/en-US/security/advisories/mfsa2021-11
mfsa2021-12		https://www.mozilla.org/en-US/security/advisories/mfsa2021-12
RHSA-2021:0989		https://access.redhat.com/errata/RHSA-2021:0989
RHSA-2021:0990		https://access.redhat.com/errata/RHSA-2021:0990
RHSA-2021:0991		https://access.redhat.com/errata/RHSA-2021:0991
RHSA-2021:0992		https://access.redhat.com/errata/RHSA-2021:0992
RHSA-2021:0993		https://access.redhat.com/errata/RHSA-2021:0993
RHSA-2021:0994		https://access.redhat.com/errata/RHSA-2021:0994
RHSA-2021:0995		https://access.redhat.com/errata/RHSA-2021:0995
RHSA-2021:0996		https://access.redhat.com/errata/RHSA-2021:0996

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-4127.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://bugzilla.mozilla.org/show_bug.cgi?id=1691547

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T15:35:14Z/ Found at https://bugzilla.mozilla.org/show_bug.cgi?id=1691547

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2021-4127

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2021-4127

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.mozilla.org/security/advisories/mfsa2021-11/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T15:35:14Z/ Found at https://www.mozilla.org/security/advisories/mfsa2021-11/

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.mozilla.org/security/advisories/mfsa2021-12/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T15:35:14Z/ Found at https://www.mozilla.org/security/advisories/mfsa2021-12/

Exploit Prediction Scoring System (EPSS)

Percentile	0.44251
EPSS Score	0.0024
Published At	March 28, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.