Main Vulnerability Database Vulnerabilities #VU58607

Spoofing attack in Mozilla Firefox and Firefox ESR - CVE-2021-43538

Published: December 7, 2021

Vulnerability identifier: #VU58607

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2021-43538

CWE-ID: CWE-451

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Mozilla

Affected software:
Mozilla Firefox
Firefox ESR

Detailed vulnerability description

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to a race in notification code. A remote attacker can hide the notification for pages that had received full screen and pointer lock access. Successful exploitation of the vulnerability may allow an attacker to perform spoofing attack.

How to mitigate CVE-2021-43538

Install updates from vendor's website.

Sources

https://www.mozilla.org/en-US/security/advisories/mfsa2021-52/
https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/

Spoofing attack in Mozilla Firefox and Firefox ESR - CVE-2021-43538

Detailed vulnerability description

How to mitigate CVE-2021-43538

Sources

Please verify you're human