CVE-2021-23961 — Sensitive Information Exposure in Mozilla Firefox

CWE-200 — Sensitive Information Exposure13 documents7 sources

Severity

7.4HIGHNVD

EPSS

0.6%

top 29.64%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Thunderbird Debian Firefox +3 more

Timeline

PublishedFeb 26

Latest updateMay 24

Description

Further techniques that built on the slipstream research combined with a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine. This vulnerability affects Firefox < 85.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:NExploitability: 2.8 | Impact: 4.0

Affected Packages8 packages

▶debiandebian/firefox< firefox 85.0-1 (sid)

▶CVEListV5mozilla/firefox< 85

▶NVDmozilla/firefox< 85.0

▶debiandebian/firefox-esr< firefox 85.0-1 (sid)

▶mozillamozilla/firefox

Also affects: Debian Linux 10.0, 9.0

🔴Vulnerability Details

GHSA

GHSA-m4x9-6p9j-3hx6: Further techniques that built on the slipstream research combined with a malicious webpage could have exposed both an internal network's hosts as well↗2022-05-24

▶

OSV

thunderbird vulnerabilities↗2021-06-25

▶

OSV

thunderbird vulnerabilities↗2021-06-22

▶

OSV

CVE-2021-23961: Further techniques that built on the slipstream research combined with a malicious webpage could have exposed both an internal network's hosts as well↗2021-02-26

▶

📋Vendor Advisories

Ubuntu

Thunderbird vulnerabilities↗2021-06-25

▶

Ubuntu

Thunderbird vulnerabilities↗2021-06-22

▶

Red Hat

Mozilla: More internal network hosts could have been probed by a malicious webpage↗2021-04-19

▶

Ubuntu

Firefox vulnerabilities↗2021-02-01

▶

Debian

CVE-2021-23961: firefox - Further techniques that built on the slipstream research combined with a malicio...↗2021

▶