PT-2021-7411 · Mozilla+2 · Firefox+2

Rob Wu · Published 2021-11-02 · Updated 2023-09-22 · CVE-2021-43531

CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 94

Description: The issue is a same-origin violation in the context of Web Extensions: a Web Extension could access the post-redirect URL of a clicked element, potentially leaking data it should not have access to. The leak arises when the extension lacks the WebRequest permission for the hosts involved in the redirect. The problem has been fixed so that the pre-redirect URL is provided instead.

Recommendations: For Firefox versions prior to 94, update to version 94 or later to resolve the issue.

Exploit

Fix

Origin Validation Error

Weakness Enumeration

Related Identifiers

ALT-PU-2021-3215
ALT-PU-2021-3391
ALT-PU-2022-2458
ALT-PU-2022-2929
ALT-PU-2023-1138
ALT-PU-2023-1139
ALT-PU-2023-4336
ALT-PU-2023-4339
BDU:2022-06030
CVE-2021-43531
OESA-2023-1673
OESA-2023-1674

Affected Products

Alt Linux
Astra Linux
Firefox