Main Vulnerability Database Vulnerabilities #VU58613

#VU58613 Security features bypass in Mozilla Firefox and Firefox ESR - CVE-2021-43543

Published: December 7, 2021

Vulnerability identifier: #VU58613

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2021-43543

CWE-ID: CWE-254

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Mozilla Firefox
Firefox ESR

Software vendor:
Mozilla

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to an error when handling CSP policies. Documents loaded with the CSP sandbox directive can escape the sandbox's script restriction by embedding additional content.

Remediation

Install updates from vendor's website.

External links

https://www.mozilla.org/en-US/security/advisories/mfsa2021-52/
https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/