PT-2021-8017 · Mozilla+2 · Firefox+2

Taiga Shirakura · Published 2021-11-02 · Updated 2023-09-22 · CVE-2021-43533

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Mozilla Firefox versions prior to 94

Description

The issue is related to incorrect restriction of visualized layers in the user interface, which can be exploited by a remote attacker to conduct spoofing attacks. When parsing internationalized domain names, high bits of the characters in the URLs were sometimes stripped, resulting in inconsistencies that could lead to user confusion or attacks such as phishing.

Recommendations

For versions prior to 94, update to version 94 or later to resolve the issue. As a temporary workaround, consider restricting access to internationalized domain names until the update is applied. Avoid using URLs with internationalized domain names in the affected browser versions until the issue is resolved.

Exploit

Fix

Clickjacking


Weakness Enumeration

Related Identifiers

ALT-PU-2021-3215
ALT-PU-2021-3391
ALT-PU-2022-2458
ALT-PU-2022-2929
ALT-PU-2023-1138
ALT-PU-2023-1139
ALT-PU-2023-4336
ALT-PU-2023-4339
BDU:2024-02638
CVE-2021-43533
OESA-2023-1673
OESA-2023-1674

Affected Products

Alt Linux
Astra Linux
Firefox