Spoofing attack in Mozilla Firefox and Firefox ESR - CVE-2021-23984

 


Published: March 23, 2021 / Updated: April 8, 2021


Vulnerability identifier: #VU51664
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2021-23984
CWE-ID: CWE-451
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Mozilla
Affected software:
Mozilla Firefox
Firefox ESR

Detailed vulnerability description

The vulnerability allows a remote attacker to perform a spoofing attack.

The vulnerability exists due to incorrect processing of user-supplied data. A malicious extension could have opened a popup window lacking an address bar. The title of the popup lacking an address bar should not be fully controllable, but in this situation was. This could have been used to spoof a website and attempt to trick the user into providing credentials.


How to mitigate CVE-2021-23984

Install updates from the vendor's website.
