Vulnerability CVE-2021-23984: Information

Description

A malicious extension could have opened a popup window lacking an address bar. The title of the popup lacking an address bar should not be fully controllable, but in this situation was. This could have been used to spoof a website and attempt to trick the user into providing credentials. This vulnerability affects Firefox ESR < 78.9, Firefox < 87, and Thunderbird < 78.9.

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Published: March 31, 2021
Modified: Aug. 6, 2021
Error type identifier: CWE-290

Fixed packages

| Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
|---|---|---|---|---|---|---|
| firefox | sisyphus | 87.0-alt1 | 125.0.2-alt1 | ALT-PU-2021-1543-1 | 268304 | Fixed |
| firefox | p10 | 87.0-alt1 | 118.0.2-alt0.p10.1 | ALT-PU-2021-1543-1 | 268304 | Fixed |
| firefox | p9 | 93.0-alt0.p9.1 | 105.0.1-alt0.c9.1 | ALT-PU-2022-1782-1 | 288073 | Fixed |
| firefox | c10f1 | 87.0-alt1 | 112.0.2-alt0.p10.1 | ALT-PU-2021-1543-1 | 268304 | Fixed |
| firefox | c9f2 | 93.0-alt0.p9.1 | 105.0.1-alt0.c9.1 | ALT-PU-2021-3368-1 | 288792 | Fixed |
| firefox-esr | sisyphus | 78.9.0-alt1 | 115.10.0-alt1 | ALT-PU-2021-1549-1 | 268242 | Fixed |
| firefox-esr | p10 | 91.1.0-alt1 | 115.10.0-alt1 | ALT-PU-2021-2881-1 | 284980 | Fixed |
| firefox-esr | p9 | 78.9.0-alt0.1.p9 | 102.11.0-alt0.c9.1 | ALT-PU-2021-1562-1 | 268338 | Fixed |
| firefox-esr | c10f1 | 91.1.0-alt1 | 115.9.1-alt0.c10.1 | ALT-PU-2021-2881-1 | 284980 | Fixed |
| firefox-esr | c9f2 | 91.3.0-alt1.c9.1 | 102.12.0-alt0.c9.1 | ALT-PU-2021-3369-1 | 288792 | Fixed |
| thunderbird | sisyphus | 78.10.1-alt1 | 115.9.0-alt1 | ALT-PU-2021-1804-1 | 267593 | Fixed |
| thunderbird | p10 | 78.10.1-alt1 | 115.9.0-alt1 | ALT-PU-2021-1804-1 | 267593 | Fixed |
| thunderbird | p9 | 78.10.2-alt0.1.p9 | 102.11.0-alt0.c9.1 | ALT-PU-2021-1892-1 | 271859 | Fixed |
| thunderbird | c10f1 | 78.10.1-alt1 | 115.9.0-alt0.c10.1 | ALT-PU-2021-1804-1 | 267593 | Fixed |
| thunderbird | c9f2 | 78.10.2-alt0.c9.1 | 102.11.0-alt0.c9.1 | ALT-PU-2021-1886-1 | 272274 | Fixed |

References to Advisories, Solutions, and Tools

    1. Configuration 1

      cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
      End excluding
      87.0

      cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
      End excluding
      78.9

      cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
      End excluding
      78.9