CVE-2021-23984

medium

Description

A malicious extension could have opened a popup window lacking an address bar. The title of the popup lacking an address bar should not be fully controllable, but in this situation was. This could have been used to spoof a website and attempt to trick the user into providing credentials. This vulnerability affects Firefox ESR < 78.9, Firefox < 87, and Thunderbird < 78.9.

References

https://www.mozilla.org/security/advisories/mfsa2021-12/

https://www.mozilla.org/security/advisories/mfsa2021-11/

https://www.mozilla.org/security/advisories/mfsa2021-10/

https://bugzilla.mozilla.org/show_bug.cgi?id=1693664

Details

Source: Mitre, NVD

Published: 2021-03-31

Updated: 2021-08-06

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Severity: Medium