PT-2021-15630 · Mozilla+7 · Firefox+9

Andreas Pehrson

·

Published

2021-02-23

·

Updated

2024-12-12

·

CVE-2021-23973

CVSS v3.1

6.5

Medium

VectorAV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 86 Thunderbird versions prior to 78.8 Firefox ESR versions prior to 78.8
Description: A decoding error may occur when loading a cross-origin resource in an audio/video context, potentially revealing information about the resource.
Recommendations: For Firefox versions prior to 86, update to version 86 or later. For Thunderbird versions prior to 78.8, update to version 78.8 or later. For Firefox ESR versions prior to 78.8, update to version 78.8 or later.

Exploit

Fix

Generation of Error Message Containing Sensitive Information

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-209

Related Identifiers

ALT-PU-2021-1396
ALT-PU-2021-1399
ALT-PU-2021-1406
ALT-PU-2021-1410
ALT-PU-2021-1418
ALT-PU-2021-1428
ALT-PU-2021-1430
ALT-PU-2021-2725
ALT-PU-2021-2881
ALT-PU-2021-3368
ALT-PU-2021-3369
ALT-PU-2022-1781
ALT-PU-2022-1782
CESA-2021_0655
CESA-2021_0656
CESA-2021_0657
CESA-2021_0661
CVE-2021-23973
DLA-2575-1
DLA-2578-1
DSA-4862-1
DSA-4866-1
MGASA-2021-0096
MGASA-2021-0097
OESA-2023-1673
OESA-2023-1674
OPENSUSE-SU-2021:0373-1
OPENSUSE-SU-2021:0387-1
OPENSUSE-SU-2021_0373-1
OPENSUSE-SU-2021_0387-1
OPENSUSE-SU-2024:10600-1
OPENSUSE-SU-2024:10601-1
OPENSUSE-SU-2024:14572-1
RHSA-2021:0655
RHSA-2021:0656
RHSA-2021:0657
RHSA-2021:0658
RHSA-2021:0659
RHSA-2021:0660
RHSA-2021:0661
RHSA-2021:0662
RHSA-2021_0655
RHSA-2021_0656
RHSA-2021_0657
RHSA-2021_0661
SUSE-SU-2021:0659-1
SUSE-SU-2021:0661-1
SUSE-SU-2021:0667-1
SUSE-SU-2021:0676-1
SUSE-SU-2021:14657-1
SUSE-SU-2021_14657-1
USN-4756-1
USN-4936-1

Affected Products

Alt Linux
Astra Linux
Centos
Firefox
Firefox Esr
Linuxmint
Red Hat
Suse
Thunderbird
Ubuntu