CVE-2021-29982: 
NixOS vulnerability analysis and mitigation

CVE-2021-29982 is a security vulnerability discovered in Mozilla Firefox and Thunderbird versions prior to 91. The vulnerability was disclosed on August 10, 2021, and stems from an incorrect JIT (Just-In-Time) optimization issue where data from the wrong type of object was incorrectly interpreted, potentially leading to the leak of a single bit of memory (Mozilla Advisory, NVD).

The vulnerability occurs due to a flaw in the MacroAssembler::isCallableOrConstructor function where the same register is used for both object and output during Ion codegen. The function clobbers the register for the class check before checking function flags, leading to an incorrect interpretation of a single bit from one of the pointers in the function JSClass as a constructor flag. The randomization provided by ASLR causes differential behavior in the execution (Mozilla Bug).

The vulnerability has been assessed with a CVSS v3.1 Base Score of 6.5 (Medium), with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N. While the vulnerability allows for the leak of a single bit of memory, its impact is considered low due to the limited scope of the information disclosure (NVD).

The vulnerability was fixed in Firefox 91 and Thunderbird 91. Users are advised to upgrade to these versions or later to mitigate the risk. The fix involved modifying the LCheckClassHeritage to prevent register clobbering and implementing fallibleUnboxObject for more efficient handling (Mozilla Advisory, Gentoo Advisory).