
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2021-29968 is a vulnerability in Mozilla Firefox that affects versions prior to 89.0.1. Drawing text onto a canvas with WebRender disabled could result in an out-of-bounds read. The issue affects only Firefox running on Windows; other operating systems are unaffected (Mozilla Advisory, NVD).
The vulnerability is classified as an out-of-bounds read (CWE-125) that occurs during text rendering when WebRender is disabled. It received a CVSS v3.1 base score of 8.1 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H. The issue was specifically tied to the interaction between Direct2D and Skia when WebRender was disabled (NVD).
The vulnerability could lead to memory corruption and potentially result in crashes when users interact with affected web content. For affected Windows users, certain websites could become unusable due to reliable triggering of the vulnerability. The issue was particularly impactful as it represented approximately 3% of crashes on the release version, making it one of the top 5 crashers for Firefox 89 (Mozilla Bug).
Mozilla addressed this vulnerability in Firefox version 89.0.1. As an additional mitigation measure, Mozilla implemented a blocklist entry for D2D on the affected hardware to reduce crash occurrences. Users were advised to update to Firefox 89.0.1 or later to resolve the issue (Mozilla Advisory).
Source: This report was generated using AI