CVE-2021-23953

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 85 Firefox ESR versions prior to 78.7 Thunderbird versions prior to 78.7

Description The issue is related to the inclusion of features from an untrusted controlled area, allowing a remote attacker to gain unauthorized access to protected information using a specially crafted malicious PDF file. If a user clicks on a specifically crafted PDF, the PDF reader could be confused into leaking cross-origin information when said information is served as chunked data.

Recommendations For Firefox versions prior to 85, update to version 85 or later to resolve the issue. For Firefox ESR versions prior to 78.7, update to version 78.7 or later to resolve the issue. For Thunderbird versions prior to 78.7, update to version 78.7 or later to resolve the issue. As a temporary workaround, consider avoiding the use of the PDF reader in the affected browser versions until a patch is available.