PT-2021-15638 · Mozilla+7 · Firefox+9

Ben Seri

+2

·

Published

2021-03-23

·

Updated

2024-12-12

·

CVE-2021-23982

CVSS v3.1

6.5

Medium

VectorAV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions: Firefox ESR versions prior to 78.9 Firefox versions prior to 87 Thunderbird versions prior to 78.9
Description: A malicious webpage could scan an internal network's hosts and services running on the user's local machine using WebRTC connections. This issue leverages techniques built on the slipstream research.
Recommendations: For Firefox ESR versions prior to 78.9, update to version 78.9 or later. For Firefox versions prior to 87, update to version 87 or later. For Thunderbird versions prior to 78.9, update to version 78.9 or later.

Exploit

Fix

Inadequate Encryption Strength

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-326

Related Identifiers

ALT-PU-2021-1543
ALT-PU-2021-1549
ALT-PU-2021-1562
ALT-PU-2021-1564
ALT-PU-2021-1804
ALT-PU-2021-1886
ALT-PU-2021-1892
ALT-PU-2021-2725
ALT-PU-2021-2881
ALT-PU-2021-3368
ALT-PU-2021-3369
ALT-PU-2022-1781
ALT-PU-2022-1782
CESA-2021_0990
CESA-2021_0992
CESA-2021_0993
CESA-2021_0996
CVE-2021-23982
DLA-2607-1
DLA-2609-1
DSA-4874-1
DSA-4876-1
MGASA-2021-0163
MGASA-2021-0164
OESA-2023-1673
OESA-2023-1674
OPENSUSE-SU-2021:0487-1
OPENSUSE-SU-2021:0580-1
OPENSUSE-SU-2021_0487-1
OPENSUSE-SU-2021_0580-1
OPENSUSE-SU-2024:10600-1
OPENSUSE-SU-2024:10601-1
OPENSUSE-SU-2024:14572-1
RHSA-2021:0989
RHSA-2021:0990
RHSA-2021:0991
RHSA-2021:0992
RHSA-2021:0993
RHSA-2021:0994
RHSA-2021:0995
RHSA-2021:0996
RHSA-2021_0990
RHSA-2021_0992
RHSA-2021_0993
RHSA-2021_0996
SUSE-SU-2021:0966-1
SUSE-SU-2021:0999-1
SUSE-SU-2021:1007-1
SUSE-SU-2021:1167-1
SUSE-SU-2021:14684-1
SUSE-SU-2021_14684-1
USN-4893-1
USN-4995-1
USN-4995-2

Affected Products

Alt Linux
Astra Linux
Centos
Firefox
Firefox Esr
Linuxmint
Red Hat
Suse
Thunderbird
Ubuntu