Key Information CVE Number: CVE-2021-4127 Vulnerability Title: Angle Security Backports for ESR-78 Status: Closed Priority: P3 Severity: S3 Type: defect Product: Core Component: Graphics Reporter: Tom Ritter [tjr] Assigned To: jgilbert Key Discussion Points Vulnerability Findings: Review of 4453 commits revealed issues such as crashes, restricted bugs, ASAN, TSAN, overflows, etc. Update Status: ANGLE has been updated to version 87 nightly in bug 1690349. Security Considerations: Options discussed include backporting obvious fixes, full library update, moving ESR off ANGLE, and evaluating ANGLE’s commit log. ESR Decision: Discussed whether to leave 86 unchanged or perform a full ANGLE update; ultimately chose full update due to security implications, despite risks and potential site breakage. Testing Issues: Affected by Pwn2Own. Patches and Files Attachment: : List of commits reviewed for potential security issues. Patches: Multiple patches related to ANGLE and security backports, including specific updates for Firefox versions 87/86, and ESR 78.