Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2021-38508

Опубликовано: 02 нояб. 2021
Источник: redhat
CVSS3: 6.1
EPSS Низкий

Описание

By displaying a form validity message in the correct location at the same time as a permission prompt (such as for geolocation), the validity message could have obscured the prompt, resulting in the user potentially being tricked into granting the permission. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6firefoxOut of support scope
Red Hat Enterprise Linux 6thunderbirdOut of support scope
Red Hat Enterprise Linux 7firefoxFixedRHSA-2021:411603.11.2021
Red Hat Enterprise Linux 7thunderbirdFixedRHSA-2021:413404.11.2021
Red Hat Enterprise Linux 8firefoxFixedRHSA-2021:412303.11.2021
Red Hat Enterprise Linux 8thunderbirdFixedRHSA-2021:413004.11.2021
Red Hat Enterprise Linux 8.1 Extended Update SupportthunderbirdFixedRHSA-2021:413304.11.2021
Red Hat Enterprise Linux 8.1 Extended Update SupportfirefoxFixedRHSA-2021:460710.11.2021
Red Hat Enterprise Linux 8.2 Extended Update SupportthunderbirdFixedRHSA-2021:413204.11.2021
Red Hat Enterprise Linux 8.2 Extended Update SupportfirefoxFixedRHSA-2021:460510.11.2021

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-1021
https://bugzilla.redhat.com/show_bug.cgi?id=2019627Mozilla: Permission Prompt could be overlaid, resulting in user confusion and potential spoofing

EPSS

Процентиль: 62%
0.0043
Низкий

6.1 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2021-38508

CVSS3: 4.3
ubuntu
больше 3 лет назад

By displaying a form validity message in the correct location at the same time as a permission prompt (such as for geolocation), the validity message could have obscured the prompt, resulting in the user potentially being tricked into granting the permission. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.

nvd логотип

CVE-2021-38508

CVSS3: 4.3
nvd
больше 3 лет назад

By displaying a form validity message in the correct location at the same time as a permission prompt (such as for geolocation), the validity message could have obscured the prompt, resulting in the user potentially being tricked into granting the permission. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.

debian логотип

CVE-2021-38508

CVSS3: 4.3
debian
больше 3 лет назад

By displaying a form validity message in the correct location at the s ...

github логотип

GHSA-9mfh-2h7f-xf6h

CVSS3: 4.3
github
больше 3 лет назад

By displaying a form validity message in the correct location at the same time as a permission prompt (such as for geolocation), the validity message could have obscured the prompt, resulting in the user potentially being tricked into granting the permission. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.

fstec логотип

BDU:2021-05703

CVSS3: 4.2
fstec
почти 4 года назад

Уязвимость браузера Mozilla Firefox, связанная с некорректным ограничением визуализированных слоев пользовательского интерфейса, позволяющая нарушителю проводить атаки с использованием спуфинга

EPSS

Процентиль: 62%
0.0043
Низкий

6.1 Medium

CVSS3