PT-2021-14438 · Mozilla · Pollbot

Eslamxxx156 · Published 2021-03-08 · Updated 2021-03-12 · CVE-2021-21354

CVSS v3.1: 7.4 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions: Pollbot versions prior to 1.4.4
Description: Pollbot is open source software that automates polling of the various services consulted during the Firefox release process. Versions before 1.4.4 contain an open redirect at the root path of "https://pollbot.services.mozilla.com/": the request path is reflected into the redirect target without being normalised, so a path that begins with two slashes is emitted as a scheme-relative URL. A browser resolves "//evil.com/" against the scheme of the page it is on and lands on "https://evil.com/". An attacker can therefore distribute a link such as "https://pollbot.services.mozilla.com//evil.com/"; on affected versions, a user who follows it is sent from the genuine Mozilla host to the attacker's site. Because the host in the link is real, such links are well suited to phishing, which is what the vector expresses (UI:R, S:C, I:H).
Recommendations: Update to Pollbot 1.4.4 or later, which fixes the issue. If the update cannot be applied immediately, mitigate in front of the application: have the reverse proxy or web server collapse repeated leading slashes in the request path (so "//evil.com/" reaches the application as the local path "/evil.com/") or reject requests whose path begins with "//", and check that any Location header the service emits is a site-local path rather than a scheme-relative ("//host/") or absolute URL. Until then, treat links to pollbot.services.mozilla.com that contain a doubled slash after the host as suspect.
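The redirect mechanism described above, together with the normalisation and origin check the recommendations call for, as an added Python example. This is illustrative code written for this page, not Pollbot's own handler: the only value taken from the advisory is the service origin; the function names, the trailing-slash canonicalisation that stands in for whatever redirect the affected versions performed, and the sample paths are assumptions.

```python
import re
from urllib.parse import urljoin, urlsplit

# Service origin named in the advisory. Everything else here is illustrative
# and is not Pollbot's code.
SITE = "https://pollbot.services.mozilla.com/"


def vulnerable_location(request_path: str) -> str:
    """The bug pattern: a canonicalising redirect (assumed here to add a
    trailing slash) that copies the request path straight into Location.
    For the path '//evil.com/' the header becomes 'Location: //evil.com/'."""
    return request_path if request_path.endswith("/") else request_path + "/"


def browser_resolves(location: str, current_url: str = SITE) -> str:
    """Resolve a Location header the way a browser does, relative to the
    current page. A leading '//' is a scheme-relative reference, so the
    browser keeps 'https:' and swaps in the new host. Browsers also treat
    '\\' as '/' in http(s) URLs and skip extra leading slashes ('///host');
    urljoin does neither, so normalise those forms first."""
    loc = location.replace("\\", "/")
    loc = re.sub(r"^/{3,}", "//", loc)
    return urljoin(current_url, loc)


def is_local_redirect(location: str, site: str = SITE) -> bool:
    """Server-side check: the target, resolved as a browser would resolve it,
    must keep the site's own scheme and host. Rejects '//evil.com/',
    '/\\evil.com/', '///evil.com/', absolute URLs and http:// downgrades."""
    target = urlsplit(browser_resolves(location, site))
    origin = urlsplit(site)
    return (target.scheme, target.netloc) == (origin.scheme, origin.netloc)


def safe_location(request_path: str) -> str:
    """Hardened handler: collapse the leading run of slashes (and backslashes)
    so the path can never be scheme-relative, then verify before emitting."""
    path = "/" + request_path.replace("\\", "/").lstrip("/")
    if not path.endswith("/"):
        path += "/"
    if not is_local_redirect(path):
        raise ValueError(f"refusing off-site redirect: {path!r}")
    return path


if __name__ == "__main__":
    for p in ["//evil.com/", "/\\evil.com/", "///evil.com/", "/firefox/86.0"]:
        print(f"{p!r}: vulnerable -> {browser_resolves(vulnerable_location(p))}"
              f" | hardened -> {browser_resolves(safe_location(p))}")
```

The point of `browser_resolves` is that a naive `urljoin`-based allowlist is not enough: `urljoin` keeps `/\evil.com/` and `///evil.com/` on the site origin, while a browser sends the user to evil.com, so the check has to apply the browser's slash rules before comparing origins. Comparing the scheme as well as the host also refuses a redirect to `http://` on the same host.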

Exploit · Fix · Open Redirect


Weakness Enumeration

Related Identifiers: CVE-2021-21354, GHSA-JHGX-WMQ8-JC24

Affected Products: Pollbot