PT-2021-2602 · Mozilla+1 · Firefox For Android+1

Eliya Stein

Published

2021-01-26

Updated

2024-12-12

CVE-2021-23957

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:C/A:N

Name of the Vulnerable Software and Affected Versions Firefox for Android versions prior to 85

Description The issue is related to errors in privilege management within the isolated environment of the Firefox for Android browser's iframe. It could allow a remote attacker to impact data integrity. The vulnerability can be exploited through navigations using the Android-specific intent URL scheme, potentially allowing an attacker to escape the iframe sandbox.

Recommendations For versions prior to 85, update to version 85 or later to resolve the issue. As a temporary workaround, consider restricting access to the intent URL scheme to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

ALT-PU-2021-1162

ALT-PU-2021-3368

ALT-PU-2022-1782

BDU:2021-02085

CVE-2021-23957

OPENSUSE-SU-2024:10600-1

OPENSUSE-SU-2024:14572-1

Affected Products

Alt Linux

Firefox For Android

PT-2021-2602 · Mozilla+1 · Firefox For Android+1

CVE-2021-23957

Weakness Enumeration

Related Identifiers

Affected Products

References · 1872