PT-2021-7391 · Mozilla+7 · Firefox Esr+9
Rob Wu · Published 2021-03-23 · Updated 2024-12-12 · CVE-2021-23984
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:C/A:N
Name of the Vulnerable Software and Affected Versions
Firefox ESR versions prior to 78.9
Firefox versions prior to 87
Thunderbird versions prior to 78.9
Description
A malicious extension could open a popup window lacking an address bar, with a fully controllable title, allowing it to spoof a website and attempt to trick the user into providing credentials. This issue is related to incorrect restriction of visualizable layers or frames in the user interface, which could enable a remote attacker to conduct spoofing attacks.
Recommendations
For Firefox ESR versions prior to 78.9, update to version 78.9 or later.
For Firefox versions prior to 87, update to version 87 or later.
For Thunderbird versions prior to 78.9, update to version 78.9 or later.
Exploit
Fix
Authentication Bypass by Spoofing
Clickjacking
Related Identifiers
Affected Products
Alt Linux
Astra Linux
Centos
Firefox
Firefox Esr
Linuxmint
Red Hat
Suse
Thunderbird
Ubuntu