CVE-2021-29985: 
NixOS vulnerability analysis and mitigation

CVE-2021-29985 is a use-after-free vulnerability discovered in Mozilla Firefox and Thunderbird's media channels that could lead to memory corruption and potentially exploitable crashes. The vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91. It was discovered by Marcin 'Icewall' Noga of Cisco Talos and publicly disclosed on August 10, 2021 (Mozilla Advisory).

The vulnerability is classified as a use-after-free (CWE-416) issue in the MediaCacheStream::NotifyDataReceived method. The issue occurs when an nsBufferedStream object gets deallocated through HTMLAudioElement destruction but is later incorrectly accessed during a mozilla::MediaCacheStream::NotifyDataReceived method call. The vulnerability has a CVSS v3.1 base score of 8.8 (High) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (NVD).

The vulnerability could result in memory corruption and potentially exploitable crashes. With proper heap grooming, an attacker could potentially gain arbitrary code execution capabilities. The vulnerability requires user interaction, as a victim needs to visit a malicious webpage to trigger the vulnerability (Mozilla Advisory).

The vulnerability was fixed in Firefox 91.0, Firefox ESR 78.13, Thunderbird 78.13, and Thunderbird 91.0. Users are advised to upgrade to these or later versions. For Gentoo Linux users, specific upgrade commands were provided to update to the fixed versions (Gentoo Advisory).