Main Vulnerability Database Vulnerabilities #VU50021

Information disclosure in Mozilla Firefox and Firefox ESR - CVE-2021-23953

Published: January 26, 2021

Vulnerability identifier: #VU50021

CSH Severity: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2021-23953

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Mozilla Firefox
Firefox ESR

Software vendor:
Mozilla

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to cross-origin information leak when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it and gain access to sensitive information via redirected PDF requests, when said information is served as chunked data.

Remediation

Install updates from vendor's website.

External links

https://www.mozilla.org/en-US/security/advisories/mfsa2021-03/
https://www.mozilla.org/en-US/security/advisories/mfsa2021-04/

Information disclosure in Mozilla Firefox and Firefox ESR - CVE-2021-23953

Description

Remediation

External links

Please verify you're human