PT-2021-2996 · Mozilla+4 · Firefox+4

Colin D. Munro

·

Published

2021-04-19

·

Updated

2024-12-12

·

CVE-2021-23996

CVSS v3.1

6.5

Medium

VectorAV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 88
Description The issue is related to the use of 3D CSS in conjunction with Javascript, allowing content to be rendered outside the webpage's viewport. This could result in a spoofing attack, potentially used for phishing or other attacks on a user. The exploitation of this issue may enable a remote attacker to conduct spoofing attacks.
Recommendations For versions prior to 88, update to version 88 or later to resolve the issue. As a temporary workaround, consider disabling the use of 3D CSS in conjunction with Javascript until a patch is available. Restrict access to potentially vulnerable web pages to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

ALT-PU-2021-1676
ALT-PU-2021-2725
ALT-PU-2021-2881
ALT-PU-2021-3368
ALT-PU-2021-3369
ALT-PU-2022-1781
ALT-PU-2022-1782
BDU:2021-02586
CVE-2021-23996
OESA-2023-1673
OESA-2023-1674
OPENSUSE-SU-2024:10600-1
OPENSUSE-SU-2024:14572-1
USN-4926-1

Affected Products

Alt Linux
Astra Linux
Firefox
Linuxmint
Ubuntu