CVE-2021-29946

一、漏洞信息
 漏洞编号：[CVE-2021-29946](https://nvd.nist.gov/vuln/detail/CVE-2021-29946)
 漏洞归属组件：[firefox](https://gitee.com/src-openeuler/firefox)
 漏洞归属的版本：62.0.3,79.0
 CVSS V3.0分值：
  BaseScore：8.8 High
  Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
 漏洞简述：
  Ports that were written as an integer overflow above the bounds of a 16-bit integer could have bypassed port blocking restrictions when used in the Alt-Svc header. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.
 漏洞公开时间：2021-06-24 22:15
 漏洞创建时间：2021-09-26 03:44:17
 漏洞详情参考链接：
  https://nvd.nist.gov/vuln/detail/CVE-2021-29946
<details>
<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |
| ------- | -------- | -------- |
| MISC | https://www.mozilla.org/security/advisories/mfsa2021-15/ |  |
| MISC | https://www.mozilla.org/security/advisories/mfsa2021-16/ |  |
| MISC | https://www.mozilla.org/security/advisories/mfsa2021-14/ |  |
| MISC | https://bugzilla.mozilla.org/show_bug.cgi?id=1698503 |  |
| redhat | https://access.redhat.com/security/cve/CVE-2021-29946 |  |
| mozilla | https://www.mozilla.org/security/advisories/mfsa2021-15/ |  |
| mozilla |  https://www.mozilla.org/security/advisories/mfsa2021-16/ |  |
| mozilla |  https://www.mozilla.org/security/advisories/mfsa2021-14/ |  |
| bugzilla |  https://bugzilla.mozilla.org/show_bug.cgi?id=1698503 |  |

</details>

漏洞分析指导链接：
  https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md
 漏洞数据来源:
  openBrain开源漏洞感知系统
 漏洞补丁信息：
  <details>
<summary>详情(点击展开)</summary>

无
</details>

二、漏洞分析结构反馈
 影响性分析说明：
  Ports that were written as an integer overflow above the bounds of a 16-bit integer could have bypassed port blocking restrictions when used in the Alt-Svc header. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.
 openEuler评分：
  8.8
 Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
 受影响版本排查(受影响/不受影响)：
  1.master(115.9.0):不受影响
2.openEuler-20.03-LTS-SP4(79.0):不受影响
3.openEuler-22.03-LTS-SP1(102.15.0):不受影响
4.openEuler-22.03-LTS-SP3(102.15.0):不受影响
5.openEuler-22.03-LTS-SP4(102.15.0):不受影响
6.openEuler-24.03-LTS(115.9.0):不受影响
7.openEuler-24.03-LTS-Next(115.9.0):不受影响

修复是否涉及abi变化(是/否)：
  1.master(115.9.0):否
2.openEuler-20.03-LTS-SP4(79.0):否
3.openEuler-22.03-LTS-SP1(102.15.0):否
4.openEuler-22.03-LTS-SP3(102.15.0):否
5.openEuler-22.03-LTS-SP4(102.15.0):否
6.openEuler-24.03-LTS(115.9.0):否
7.openEuler-24.03-LTS-Next(115.9.0):否

原因说明：
  1.master(115.9.0):
2.openEuler-20.03-LTS-SP4(79.0):
3.openEuler-22.03-LTS-SP1(102.15.0):
4.openEuler-22.03-LTS-SP3(102.15.0):
5.openEuler-22.03-LTS-SP4(102.15.0):
6.openEuler-24.03-LTS(115.9.0):
7.openEuler-24.03-LTS-Next(115.9.0):

@small_leek 经过 cve-manager 解析, 已分析的内容如下表所示:
| 状态  | 需分析 | 内容 |
|:--:|:--:|---------|
|已分析|1.影响性分析说明|            Ports that were written as an integer overflow above the bounds of a 16-bit integer could have bypassed port blocking restrictions when used in the Alt-Svc header. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.      |
|已分析|2.openEulerScore|8.8|
|已分析|3.openEulerVector|AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H|
|已分析|4.受影响版本排查|openEuler-20.03-LTS-SP1:受影响,openEuler-20.03-LTS-SP4:受影响,openEuler-22.03-LTS:受影响,openEuler-22.03-LTS-SP1:受影响,master:不受影响,openEuler-22.03-LTS-Next:不受影响,openEuler-22.03-LTS-SP2:不受影响,openEuler-22.03-LTS-SP3:不受影响,openEuler-24.03-LTS:不受影响,openEuler-24.03-LTS-Next:不受影响|
|已分析|5.修复是否涉及abi变化|master:否,openEuler-20.03-LTS-SP1:否,openEuler-20.03-LTS-SP4:否,openEuler-22.03-LTS:否,openEuler-22.03-LTS-Next:否,openEuler-22.03-LTS-SP1:否,openEuler-22.03-LTS-SP2:否,openEuler-22.03-LTS-SP3:否,openEuler-24.03-LTS:否,openEuler-24.03-LTS-Next:否|

**请确认分析内容的准确性, 确认无误后, 您可以进行后续步骤, 否则您可以继续分析.**

影响性分析说明：
Ports that were written as an integer overflow above the bounds of a 16-bit integer could have bypassed port blocking restrictions when used in the Alt-Svc header. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.
openEuler评分：
8.8
Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
受影响版本排查(受影响/不受影响)：
1.master(128.3.0):不受影响
2.openEuler-20.03-LTS-SP4(79.0):不受影响
3.openEuler-22.03-LTS-SP1(102.15.0):不受影响
4.openEuler-22.03-LTS-SP3(102.15.0):不受影响
5.openEuler-22.03-LTS-SP4(102.15.0):不受影响
6.openEuler-24.03-LTS(128.3.0):不受影响
7.openEuler-24.03-LTS-Next(128.3.0):不受影响

修复是否涉及abi变化(是/否)：
1.master(128.3.0):否
2.openEuler-20.03-LTS-SP4(79.0):否
3.openEuler-22.03-LTS-SP1(102.15.0):否
4.openEuler-22.03-LTS-SP3(102.15.0):否
5.openEuler-22.03-LTS-SP4(102.15.0):否
6.openEuler-24.03-LTS(128.3.0):否
7.openEuler-24.03-LTS-Next(128.3.0):否

原因说明：
1.master(128.3.0): 已修复
2.openEuler-20.03-LTS-SP4(79.0): 已修复
3.openEuler-22.03-LTS-SP1(102.15.0): 已修复
4.openEuler-22.03-LTS-SP3(102.15.0): 已修复
5.openEuler-22.03-LTS-SP4(102.15.0): 已修复
6.openEuler-24.03-LTS(128.3.0): 已修复
7.openEuler-24.03-LTS-Next(128.3.0): 已修复

src-openEuler/firefox

内容风险标识

评论 (18)

src-openEuler/firefox .gitee-modal { width: 500px !important; }

内容风险标识

CVE-2021-29946

评论 (18)

搜索帮助

src-openEuler/firefox