PT-2021-15629 · Mozilla+4 · Firefox+4

Vijay Tikudave

·

Published

2021-02-23

·

Updated

2024-12-12

·

CVE-2021-23972

CVSS v3.1

8.8

High

VectorAV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 86
Description: A phishing tactic involves providing a link with HTTP Auth, such as 'https://www.phishingtarget.com@evil.com'. Firefox displays a warning dialog to mitigate this attack. However, if the malicious site uses a redirect cached by the browser, the warning dialog may not be displayed.
Recommendations: For versions prior to 86, update to a version 86 or later to resolve the issue. As a temporary workaround, consider clearing the browser cache to minimize the risk of exploitation. Restrict access to potentially malicious sites to minimize the risk of phishing attacks.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Related Identifiers

ALT-PU-2021-1428
ALT-PU-2021-2725
ALT-PU-2021-2881
ALT-PU-2021-3368
ALT-PU-2021-3369
ALT-PU-2022-1781
ALT-PU-2022-1782
CVE-2021-23972
OESA-2023-1673
OESA-2023-1674
OESA-2024-2320
OPENSUSE-SU-2024:10600-1
OPENSUSE-SU-2024:14572-1
USN-4756-1

Affected Products

Alt Linux
Astra Linux
Firefox
Linuxmint
Ubuntu