CVE-2021-29947: 
NixOS vulnerability analysis and mitigation

CVE-2021-29947 is a memory safety vulnerability discovered in Firefox 87 and fixed in Firefox 88. The vulnerability was reported by Mozilla developers and community members (Ryan VanderMeulen, Sean Feng, Tyson Smith, Julian Seward, Christian Holler) and disclosed on April 19, 2021. The issue affects Mozilla Firefox versions prior to 88.0 (Mozilla Advisory).

The vulnerability is classified as a memory safety bug that showed evidence of memory corruption. It has been assigned a CVSS v3.1 base score of 8.8 (HIGH) and CVSS v2.0 score of 6.8 (MEDIUM). The vulnerability is categorized as CWE-787 (Out-of-bounds Write) (NVD).

The memory safety bugs showed evidence of memory corruption which could potentially be exploited to execute arbitrary code on affected systems. This indicates a significant security risk as successful exploitation could allow attackers to run malicious code with the privileges of the Firefox process (Mozilla Advisory).

The vulnerability was addressed in Firefox 88.0. Users are advised to update to Firefox version 88.0 or later to mitigate this security issue. The fix was also included in the Ubuntu security updates for various versions of the operating system (Ubuntu Notice).