Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.4
CVSSv2

CVE-2021-29951

Published: 24/06/2021 Updated: 12/07/2022
CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10
CVSS v3 Base Score: 6.5 | Impact Score: 2.5 | Exploitability Score: 3.9
VMScore: 570
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
Subscribe to Firefox

Vulnerability Summary

The Mozilla Maintenance Service granted SERVICE_START access to BUILTIN|Users which, in a domain network, grants normal remote users access to start or stop the service. This could be used to prevent the browser update service from operating (if an attacker spammed the 'Stop' command); but also exposed attack surface in the maintenance service. *Note: This issue only affected Windows operating systems older than Win 10 build 1709. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 78.10.1, Firefox < 87, and Firefox ESR < 78.10.1.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

mozilla firefox

mozilla thunderbird

mozilla firefox_esr

Vendor Advisories

Red Hat: CVE-2021-29951
No description is available for this CVE ...
Arch Linux Issues:
A security issue has been found in Thunderbird for Windows before version 78101 The Maintenance Service granted SERVICE_START access to BUILTIN|Users which, in a domain network, grants normal remote users access to start or stop the service This could be used to prevent the browser update service from operating (if an attacker spammed the 'Stop ...
Mozilla: Security Vulnerabilities fixed in Firefox ESR 78.10.1
Mozilla Foundation Security Advisory 2021-18 Security Vulnerabilities fixed in Firefox ESR 78101 Announced May 4, 2021 Impact moderate Products Firefox ESR Fixed in Firefox ESR 78101 ...
Mozilla: Security Vulnerabilities fixed in Firefox 87
Mozilla Foundation Security Advisory 2021-10 Security Vulnerabilities fixed in Firefox 87 Announced March 23, 2021 Impact high Products Firefox Fixed in Firefox 87 ...
Mozilla: Security Vulnerabilities fixed in Thunderbird 78.10.1
Mozilla Foundation Security Advisory 2021-19 Security Vulnerabilities fixed in Thunderbird 78101 Announced May 4, 2021 Impact moderate Products Thunderbird Fixed in Thunderbird 78101 ...

References

CWE-269https://bugzilla.mozilla.org/show_bug.cgi?id=1690062https://www.mozilla.org/security/advisories/mfsa2021-10/https://www.mozilla.org/security/advisories/mfsa2021-19/https://www.mozilla.org/security/advisories/mfsa2021-18/https://nvd.nist.govhttps://access.redhat.com/security/cve/cve-2021-29951
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-3675CVE-2024-3400CVE-2024-23557mass assignmentCVE-2023-1389local file inclusionCVE-2024-32596file uploadCVE-2024-32593
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook