Security restrictions bypass in Mozilla Firefox

#VU52340 Security restrictions bypass in Mozilla Firefox

Published: 2021-04-19

Vulnerability identifier: #VU52340

Vulnerability risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-24001

CWE-ID: CWE-264

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Mozilla Firefox
Client/Desktop applications / Web browsers

Vendor: Mozilla

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to application does not properly impose security restrictions to testing infrastructure. A compromised content process could have performed session history manipulations it should not have been able to due to testing infrastructure that was not restricted to testing-only configurations.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Mozilla Firefox: 80.0 - 87.0

CPE

cpe:2.3:a:mozilla:mozilla_firefox:87.0:*:*:*:*:*:*:*

External links
http://www.mozilla.org/en-US/security/advisories/mfsa2021-16/

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

Latest bulletins with this vulnerability

Arch Linux update for firefox

Ubuntu update for firefox

Multiple vulnerabilities in Mozilla Firefox and Firefox ESR