Vulnerability identifier: #VU48466
Vulnerability risk: Medium
Exploitation vector: Network
Exploit availability: No
The vulnerability allows a remote attacker to perform a DNS rebinding attack.
The vulnerability exists due to the way Firefox filters IPv4-mapped IP addresses. When DNS over HTTPS (DoH) is in use, Firefox intentionally filters RFC1918 and related IP ranges from the responses, as these do not make sense coming from a DoH resolver. However, when an IPv4 address was mapped through IPv6, these addresses were erroneously let through, leading to a potential DNS rebinding attack.
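The filtering gap described above can be reproduced with a small response filter. This is an added example, not Firefox's code: the function names, the blocked-range lists (RFC1918 plus loopback and link-local as the "related" ranges) and the sample answers are assumptions constructed for illustration.

```python
import ipaddress

# Assumed block lists for this example: RFC1918 plus loopback and link-local.
BLOCKED_V4 = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]
BLOCKED_V6 = [ipaddress.ip_network(n) for n in (
    "::1/128", "fc00::/7", "fe80::/10")]


def _in_any(addr, nets):
    return any(addr in net for net in nets)


def naive_is_blocked(text):
    """Checks each address family against its own list only.

    An IPv4-mapped IPv6 address (::ffff:a.b.c.d) is version 6, matches no
    IPv6 range, and is let through even when a.b.c.d is private.
    """
    addr = ipaddress.ip_address(text)
    nets = BLOCKED_V4 if addr.version == 4 else BLOCKED_V6
    return _in_any(addr, nets)


def hardened_is_blocked(text):
    """Unwraps IPv4-mapped IPv6 addresses before applying the IPv4 list."""
    addr = ipaddress.ip_address(text)
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped  # ::ffff:192.168.1.10 -> 192.168.1.10
    nets = BLOCKED_V4 if addr.version == 4 else BLOCKED_V6
    return _in_any(addr, nets)


def filter_answers(answers, is_blocked):
    """Returns the answers a client would keep from a DoH response."""
    return [a for a in answers if not is_blocked(a)]


# Constructed sample answers (documentation and private ranges only).
SAMPLE = ["203.0.113.7", "192.168.1.10", "::ffff:192.168.1.10",
          "::ffff:c0a8:010a", "2001:db8::1", "fe80::1", "::ffff:203.0.113.7"]

if __name__ == "__main__":
    print("naive   :", filter_answers(SAMPLE, naive_is_blocked))
    print("hardened:", filter_answers(SAMPLE, hardened_is_blocked))
```

The hex form `::ffff:c0a8:010a` is the same mapped address as `::ffff:192.168.1.10`, so a check has to operate on the parsed address rather than on the dotted-quad text.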
Install updates from the vendor's website.
Vulnerable software versions
Mozilla Firefox: 60.0 - 82.0.3
Firefox ESR: 78.0 - 78.4.1, 68.0 - 68.12.0, 60.0 - 60.9.0
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?