Main Vulnerability Database Vulnerabilities #VU50032

Resource management error in Mozilla Firefox - CVE-2021-23963

Published: January 26, 2021

Vulnerability identifier: #VU50032

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2021-23963

CWE-ID: CWE-399

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Mozilla

Affected software:
Mozilla Firefox

Detailed vulnerability description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within the application. When sharing geolocation during an active WebRTC share, Firefox could have reset the webRTC sharing state in the user interface, leading to loss of control over the currently granted permission.

How to mitigate CVE-2021-23963

Install updates from vendor's website.

Sources

https://www.mozilla.org/en-US/security/advisories/mfsa2021-03/

Resource management error in Mozilla Firefox - CVE-2021-23963

Detailed vulnerability description

How to mitigate CVE-2021-23963

Sources

Please verify you're human