CVE-2021-23982

Опубликовано: 23 мар. 2021

Источник: redhat

CVSS3: 6.1

EPSS Низкий

Описание

Using techniques that built on the slipstream research, a malicious webpage could have scanned both an internal network's hosts as well as services running on the user's local machine utilizing WebRTC connections. This vulnerability affects Firefox ESR < 78.9, Firefox < 87, and Thunderbird < 78.9.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 6	firefox	Out of support scope
Red Hat Enterprise Linux 6	thunderbird	Out of support scope
Red Hat Enterprise Linux 7	firefox	Fixed	RHSA-2021:0992	25.03.2021
Red Hat Enterprise Linux 7	thunderbird	Fixed	RHSA-2021:0996	25.03.2021
Red Hat Enterprise Linux 8	firefox	Fixed	RHSA-2021:0990	25.03.2021
Red Hat Enterprise Linux 8	thunderbird	Fixed	RHSA-2021:0993	25.03.2021
Red Hat Enterprise Linux 8.1 Extended Update Support	firefox	Fixed	RHSA-2021:0991	25.03.2021
Red Hat Enterprise Linux 8.1 Extended Update Support	thunderbird	Fixed	RHSA-2021:0995	25.03.2021
Red Hat Enterprise Linux 8.2 Extended Update Support	firefox	Fixed	RHSA-2021:0989	25.03.2021
Red Hat Enterprise Linux 8.2 Extended Update Support	thunderbird	Fixed	RHSA-2021:0994	25.03.2021

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-200

https://bugzilla.redhat.com/show_bug.cgi?id=1942785Mozilla: Internal network hosts could have been probed by a malicious webpage

EPSS

Процентиль: 42%

0.00196

Низкий

6.1 Medium

CVSS3

Связанные уязвимости

CVE-2021-23982

CVSS3: 6.5

ubuntu

почти 5 лет назад

CVE-2021-23982

CVSS3: 6.5

nvd

почти 5 лет назад

CVE-2021-23982

CVSS3: 6.5

debian

почти 5 лет назад

Using techniques that built on the slipstream research, a malicious we ...

GHSA-hg4f-qgj6-3h4w

github

больше 3 лет назад

openSUSE-SU-2021:0487-1

suse-cvrf

почти 5 лет назад

Security update for MozillaFirefox

EPSS

Процентиль: 42%

0.00196

Низкий

6.1 Medium

CVSS3