CVE-2021-38506 Information

Description

Through a series of navigations, Firefox could have entered fullscreen mode without notification or warning to the user. This could lead to spoofing attacks on the browser UI, including phishing. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Reference

https://www.mozilla.org/security/advisories/mfsa2021-50/
https://bugzilla.mozilla.org/show_bug.cgi?id=1730750
https://www.mozilla.org/security/advisories/mfsa2021-49/
https://www.mozilla.org/security/advisories/mfsa2021-48/
https://www.debian.org/security/2021/dsa-5026
https://lists.debian.org/debian-lts-announce/2021/12/msg00030.html
https://www.debian.org/security/2022/dsa-5034
https://lists.debian.org/debian-lts-announce/2022/01/msg00001.html
https://security.gentoo.org/glsa/202202-03

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

Base Score

4.3

Base Severity

MEDIUM
