CVE-2021-4127
Publication date 22 December 2022
Last updated 25 August 2025
Ubuntu priority
Description
An out of date graphics library (Angle) likely contained vulnerabilities that could potentially be exploited. This vulnerability affects Thunderbird < 78.9 and Firefox ESR < 78.9.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| firefox | ||
| 22.04 LTS jammy |
Not affected
|
|
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic |
Not affected
|
|
| 16.04 LTS xenial | Ignored end of standard support | |
| 14.04 LTS trusty | Ignored end of standard support | |
| thunderbird | ||
| 22.04 LTS jammy |
Not affected
|
|
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic | Ignored end of standard support, was needs-triage | |
| 16.04 LTS xenial | Ignored end of standard support | |
| 14.04 LTS trusty | Ignored end of standard support |
Notes
tyhicks
mozjs contains a copy of the SpiderMonkey JavaScript engine
mdeslaur
starting with Ubuntu 22.04, the firefox package is just a script that installs the Firefox snap
alexmurray
Only affects firefox-esr < 78.9
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
9.8 · Critical
|
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |