Published: 31/03/2021 Updated: 06/08/2021

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

A malicious extension could have opened a popup window lacking an address bar. The title of the popup lacking an address bar should not be fully controllable, but in this situation was. This could have been used to spoof a website and attempt to trick the user into providing credentials. This vulnerability affects Firefox ESR < 78.9, Firefox < 87, and Thunderbird < 78.9.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mozilla firefox
mozilla firefox esr
mozilla thunderbird

Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, information disclosure or spoofing attacks For the stable distribution (buster), these problems have been fixed in version 7890esr-1~deb10u1 We recommend that you upgrade your firefox-esr packages For ...

Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code or information disclosure For the stable distribution (buster), these problems have been fixed in version 1:7890-1~deb10u1 We recommend that you upgrade your thunderbird packages For the detailed security status of thunderbird please ...

The Mozilla Foundation Security Advisory describes this issue as:A texture upload of a Pixel Buffer Object could have confused the WebGL code to skip binding the buffer used to unpack it, resulting in memory corruption and a potentially exploitable information leak or crash (CVE-2021-23981) Using techniques that built on the slipstream research, a ...

No description is available for this CVE ...

A security issue was found in Firefox before version 87 and Thunderbird before version 789 A malicious extension could have opened a popup window lacking an address bar The title of the popup lacking an address bar should not be fully controllable, but in this situation was This could have been used to spoof a website and attempt to trick the u ...

Mozilla Foundation Security Advisory 2021-10 Security Vulnerabilities fixed in Firefox 87 Announced March 23, 2021 Impact high Products Firefox Fixed in Firefox 87 ...

Mozilla Foundation Security Advisory 2021-11 Security Vulnerabilities fixed in Firefox ESR 789 Announced March 23, 2021 Impact high Products Firefox ESR Fixed in Firefox ESR 789 ...

Mozilla Foundation Security Advisory 2021-12 Security Vulnerabilities fixed in Thunderbird 789 Announced March 23, 2021 Impact high Products Thunderbird Fixed in Thunderbird 789 ...

CWE-290 https://www.mozilla.org/security/advisories/mfsa2021-11/https://www.mozilla.org/security/advisories/mfsa2021-12/https://www.mozilla.org/security/advisories/mfsa2021-10/https://bugzilla.mozilla.org/show_bug.cgi?id=1693664 https://nvd.nist.gov https://www.debian.org/security/2021/dsa-4874

CVE-2021-23984

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect