Main Vulnerability Database Vulnerabilities #VU50884

Security restrictions bypass in Firefox for Android - CVE-2021-23976

Published: February 23, 2021

Vulnerability identifier: #VU50884

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2021-23976

CWE-ID: CWE-264

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Mozilla

Affected software:
Firefox for Android

Detailed vulnerability description

The vulnerability allows a local application to escalate privileges on the system.

When accepting a malicious intent from other installed apps, Firefox for Android accepted manifests from arbitrary file paths and allowed declaring webapp manifests for other origins. This could be used to gain fullscreen access for UI spoofing and could also lead to cross-origin attacks on targeted websites.

How to mitigate CVE-2021-23976

Install updates from vendor's website.

Sources

https://www.mozilla.org/en-US/security/advisories/mfsa2021-07/

Security restrictions bypass in Firefox for Android - CVE-2021-23976

Detailed vulnerability description

How to mitigate CVE-2021-23976

Sources

Please verify you're human