Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2021-23984

Опубликовано: 31 мар. 2021
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 4.3
CVSS3: 6.5

Описание

A malicious extension could have opened a popup window lacking an address bar. The title of the popup lacking an address bar should not be fully controllable, but in this situation was. This could have been used to spoof a website and attempt to trick the user into providing credentials. This vulnerability affects Firefox ESR < 78.9, Firefox < 87, and Thunderbird < 78.9.

РелизСтатусПримечание
bionic

released

87.0+build3-0ubuntu0.18.04.2
devel

released

87.0+build3-0ubuntu1
esm-infra-legacy/trusty

DNE

esm-infra/focal

DNE

focal

released

87.0+build3-0ubuntu0.20.04.2
groovy

released

87.0+build3-0ubuntu0.20.10.1
hirsute

released

87.0+build3-0ubuntu1
impish

released

87.0+build3-0ubuntu1
jammy

released

87.0+build3-0ubuntu1
kinetic

released

87.0+build3-0ubuntu1

Показывать по

РелизСтатусПримечание
bionic

DNE

devel

DNE

esm-infra-legacy/trusty

DNE

esm-infra/focal

DNE

focal

DNE

groovy

DNE

hirsute

DNE

impish

DNE

jammy

DNE

kinetic

DNE

Показывать по

РелизСтатусПримечание
bionic

ignored

end of standard support, was needs-triage
devel

DNE

esm-apps/bionic

ignored

esm-infra-legacy/trusty

DNE

esm-infra/focal

DNE

focal

DNE

groovy

DNE

hirsute

DNE

impish

DNE

jammy

DNE

Показывать по

РелизСтатусПримечание
bionic

ignored

end of standard support, was needs-triage
devel

DNE

esm-apps/focal

ignored

esm-infra-legacy/trusty

DNE

esm-infra/bionic

ignored

focal

ignored

groovy

ignored

end of life
hirsute

DNE

impish

DNE

jammy

DNE

Показывать по

РелизСтатусПримечание
bionic

DNE

devel

DNE

esm-infra-legacy/trusty

DNE

esm-infra/focal

ignored

focal

ignored

groovy

ignored

end of life
hirsute

DNE

impish

DNE

jammy

DNE

kinetic

DNE

Показывать по

РелизСтатусПримечание
bionic

DNE

devel

DNE

esm-apps/jammy

ignored

esm-infra-legacy/trusty

DNE

esm-infra/focal

DNE

focal

DNE

groovy

ignored

end of life
hirsute

ignored

end of life
impish

ignored

end of life
jammy

ignored

Показывать по

РелизСтатусПримечание
bionic

released

1:78.11.0+build1-0ubuntu0.18.04.2
devel

released

1:78.11.0+build1-0ubuntu2
esm-infra-legacy/trusty

DNE

esm-infra/focal

DNE

focal

released

1:78.11.0+build1-0ubuntu0.20.04.2
groovy

released

1:78.11.0+build1-0ubuntu0.20.10.2
hirsute

released

1:78.11.0+build1-0ubuntu0.21.04.2
impish

released

1:78.11.0+build1-0ubuntu2
jammy

released

1:78.11.0+build1-0ubuntu2
kinetic

released

1:78.11.0+build1-0ubuntu2

Показывать по

Ссылки на источники

EPSS

Процентиль: 50%
0.00267
Низкий

4.3 Medium

CVSS2

6.5 Medium

CVSS3

Связанные уязвимости

redhat логотип

CVE-2021-23984

CVSS3: 6.1
redhat
почти 5 лет назад

A malicious extension could have opened a popup window lacking an address bar. The title of the popup lacking an address bar should not be fully controllable, but in this situation was. This could have been used to spoof a website and attempt to trick the user into providing credentials. This vulnerability affects Firefox ESR < 78.9, Firefox < 87, and Thunderbird < 78.9.

nvd логотип

CVE-2021-23984

CVSS3: 6.5
nvd
почти 5 лет назад

A malicious extension could have opened a popup window lacking an address bar. The title of the popup lacking an address bar should not be fully controllable, but in this situation was. This could have been used to spoof a website and attempt to trick the user into providing credentials. This vulnerability affects Firefox ESR < 78.9, Firefox < 87, and Thunderbird < 78.9.

debian логотип

CVE-2021-23984

CVSS3: 6.5
debian
почти 5 лет назад

A malicious extension could have opened a popup window lacking an addr ...

github логотип

GHSA-5cpw-36f2-hgw7

github
больше 3 лет назад

A malicious extension could have opened a popup window lacking an address bar. The title of the popup lacking an address bar should not be fully controllable, but in this situation was. This could have been used to spoof a website and attempt to trick the user into providing credentials. This vulnerability affects Firefox ESR < 78.9, Thunderbird < 78.9, and Firefox < 87.

fstec логотип

BDU:2022-05941

CVSS3: 6.5
fstec
почти 5 лет назад

Уязвимость браузеров Mozilla Firefox, Mozilla Firefox ESR и почтового клиента Thunderbird, связанная с неверным ограничением визуализируемых слоев или фреймов пользовательского интерфейса, позволяющая нарушителю проводить спуфинг-атаки

EPSS

Процентиль: 50%
0.00267
Низкий

4.3 Medium

CVSS2

6.5 Medium

CVSS3

Уязвимость CVE-2021-23984