CVE-2021-43538 Information

Description

By misusing a race in our notification code, an attacker could have forcefully hidden the notification for pages that had received full screen and pointer lock access, which could have been used for spoofing attacks. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Reference

https://www.mozilla.org/security/advisories/mfsa2021-52/
https://www.mozilla.org/security/advisories/mfsa2021-54/
https://www.mozilla.org/security/advisories/mfsa2021-53/
https://bugzilla.mozilla.org/show_bug.cgi?id=1739091
https://www.debian.org/security/2021/dsa-5026
https://lists.debian.org/debian-lts-announce/2021/12/msg00030.html
https://www.debian.org/security/2022/dsa-5034
https://lists.debian.org/debian-lts-announce/2022/01/msg00001.html
https://security.gentoo.org/glsa/202202-03

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

Base Score

4.3

Base Severity

MEDIUM
