PT-2021-2600 · Mozilla+1 · Firefox For Android+2

Muneaki Nishimura

Published

2021-01-26

Updated

2024-12-12

CVE-2021-23959

CVSS v2.0

6.4

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 85 Firefox for Android versions prior to 85

Description The issue is related to an XSS bug in internal error pages, which could have led to various spoofing attacks, including other error pages and the address bar. This affects the structure of web pages, potentially allowing a remote attacker to perform cross-site scripting attacks. The issue only affects Firefox for Android, with other operating systems being unaffected.

Recommendations For Firefox versions prior to 85, update to version 85 or later to resolve the issue. For Firefox for Android versions prior to 85, update to version 85 or later to resolve the issue. As a temporary workaround, consider restricting access to internal error pages until a patch is available.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

ALT-PU-2021-1162

ALT-PU-2021-3368

ALT-PU-2022-1782

BDU:2021-02083

CVE-2021-23959

OPENSUSE-SU-2024:10600-1

OPENSUSE-SU-2024:14572-1

Affected Products

Alt Linux

Firefox

Firefox For Android

PT-2021-2600 · Mozilla+1 · Firefox For Android+2

CVE-2021-23959

Weakness Enumeration

Related Identifiers

Affected Products

References · 1870