Main Vulnerability Database Vulnerabilities #VU58613

Security features bypass in Mozilla Firefox and Firefox ESR - CVE-2021-43543

Published: December 7, 2021

Vulnerability identifier: #VU58613

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2021-43543

CWE-ID: CWE-254

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Mozilla

Affected software:
Mozilla Firefox
Firefox ESR

Detailed vulnerability description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to an error when handling CSP policies. Documents loaded with the CSP sandbox directive can escape the sandbox's script restriction by embedding additional content.

How to mitigate CVE-2021-43543

Install updates from vendor's website.

Sources

https://www.mozilla.org/en-US/security/advisories/mfsa2021-52/
https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/

Security features bypass in Mozilla Firefox and Firefox ESR - CVE-2021-43543

Detailed vulnerability description

How to mitigate CVE-2021-43543

Sources

Please verify you're human