Published: 24/06/2021 Updated: 02/07/2021

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Through complicated navigations with new windows, an HTTP page could have inherited a secure lock icon from an HTTPS page. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mozilla firefox
mozilla firefox esr
mozilla thunderbird

Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, information disclosure, privilege escalation or spoofing For the stable distribution (buster), these problems have been fixed in version 78100esr-1~deb10u1 We recommend that you upgrade your firefox-esr ...

Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code or information disclosure In adddition a number of security issues were addressed in the OpenPGP support For the stable distribution (buster), these problems have been fixed in version 1:78100-1~deb10u1 We recommend that you upgrade y ...

Further techniques that built on the slipstream research combined with a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine This vulnerability affects Firefox < 85 (CVE-2021-23991) (CVE-2021-23992) (CVE-2021-23961) (CVE-2021-23993) (CVE-2021-23994) (CVE-2021-23995) (CVE- ...

A security issue has been found in Firefox before version 88 and Thunderbird before version 7810 Through complicated navigations with new windows, an HTTP page could have inherited a secure lock icon from an HTTPS page ...

Mozilla Foundation Security Advisory 2021-16 Security Vulnerabilities fixed in Firefox 88 Announced April 19, 2021 Impact high Products Firefox Fixed in Firefox 88 ...

Mozilla Foundation Security Advisory 2021-15 Security Vulnerabilities fixed in Firefox ESR 7810 Announced April 19, 2021 Impact high Products Firefox ESR Fixed in Firefox ESR 7810 ...

Mozilla Foundation Security Advisory 2021-14 Security Vulnerabilities fixed in Thunderbird 7810 Announced April 19, 2021 Impact high Products Thunderbird Fixed in Thunderbird 7810 ...

Homebrew fixes Cask repo GitHub Actions bug that would have let anyone sneak malicious code onto machines

The Register • Iain Thomson in San Francisco • 26 Apr 2021

Plus: America creates task force to tackle ransomware crims

In Brief The Homebrew package manager for macOS and Linux has fixed an issue that could have been exploited by miscreants to run malicious code on people's computers. Specifically, the project's GitHub Actions setup could have been abused to sneak arbitrary Ruby code into its Cask repositories, security researcher RyotaK discovered and disclosed via HackerOne. The infosec bod found it was possible to merge a "malicious pull request by confusing the library that is used in the automated pull requ...

CVE-2021-23998

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Recent Articles

References

Vulmon Search

About

Products

Connect