PT-2021-22164 · Mozilla+8 · Firefox+10

Irvan Kurniawan

·

Published

2021-10-05

·

Updated

2024-12-12

·

CVE-2021-38497

CVSS v3.1

6.5

Medium

VectorAV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 93 Thunderbird versions prior to 91.2 Firefox ESR versions prior to 91.2
Description The issue allows a plain-text validation message to be overlaid on another origin through the use of reportValidity() and window.open(), potentially leading to user confusion and spoofing attacks.
Recommendations For Firefox versions prior to 93, update to version 93 or later. For Thunderbird versions prior to 91.2, update to version 91.2 or later. For Firefox ESR versions prior to 91.2, update to version 91.2 or later.

Exploit

Fix

Origin Validation Error

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-346

Related Identifiers

ALT-PU-2021-2981
ALT-PU-2021-2992
ALT-PU-2021-3004
ALT-PU-2021-3005
ALT-PU-2021-3026
ALT-PU-2021-3069
ALT-PU-2021-3097
ALT-PU-2021-3118
ALT-PU-2021-3368
ALT-PU-2021-3370
ALT-PU-2022-1782
ALT-PU-2022-1783
ALT-PU-2022-2458
ALT-PU-2022-2929
ALT-PU-2023-1138
ALT-PU-2023-4336
CESA-2021_3755
CESA-2021_3791
CESA-2021_3838
CESA-2021_3841
CVE-2021-38497
MGASA-2021-0469
MGASA-2021-0478
OESA-2023-1673
OESA-2023-1674
OPENSUSE-SU-2021:1367-1
OPENSUSE-SU-2021:1635-1
OPENSUSE-SU-2021:3331-1
OPENSUSE-SU-2021:3451-1
OPENSUSE-SU-2021:4150-1
OPENSUSE-SU-2021_1367-1
OPENSUSE-SU-2021_1635-1
OPENSUSE-SU-2021_3331-1
OPENSUSE-SU-2021_3451-1
OPENSUSE-SU-2021_4150-1
OPENSUSE-SU-2024:11570-1
OPENSUSE-SU-2024:11571-1
OPENSUSE-SU-2024:14572-1
RHSA-2021:3755
RHSA-2021:3756
RHSA-2021:3757
RHSA-2021:3791
RHSA-2021:3838
RHSA-2021:3839
RHSA-2021:3840
RHSA-2021:3841
RHSA-2021_3755
RHSA-2021_3791
RHSA-2021_3838
RHSA-2021_3841
RLSA-2021:3755
RLSA-2021:3838
SUSE-SU-2021:14826-1
SUSE-SU-2021:3331-1
SUSE-SU-2021:3446-1
SUSE-SU-2021:3451-1
SUSE-SU-2021:4150-1
SUSE-SU-2021_14826-1
USN-5107-1
USN-5132-1
USN-5248-1

Affected Products

Alt Linux
Astra Linux
Centos
Firefox
Firefox Esr
Linuxmint
Red Hat
Rocky Linux
Suse
Thunderbird
Ubuntu