CVE-2021-23972 — Mozilla Firefox vulnerability

6 documents6 sources

Severity

8.8HIGHNVD

EPSS

0.4%

top 38.88%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Debian Firefox

Timeline

PublishedFeb 26

Latest updateMay 24

Description

One phishing tactic on the web is to provide a link with HTTP Auth. For example 'https://[email protected]'. To mitigate this type of attack, Firefox will display a warning dialog; however, this warning dialog would not have been displayed if evil.com used a redirect that was cached by the browser. This vulnerability affects Firefox < 86.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages5 packages

▶debiandebian/firefox< firefox 86.0-1 (sid)

▶CVEListV5mozilla/firefox< 86

▶NVDmozilla/firefox< 86.0

▶Ubuntumozilla/firefox< 86.0+build3-0ubuntu0.16.04.1+2

▶mozillamozilla/firefox

🔴Vulnerability Details

GHSA

GHSA-45hc-g9jq-5gv7: One phishing tactic on the web is to provide a link with HTTP Auth↗2022-05-24

▶

OSV

CVE-2021-23972: One phishing tactic on the web is to provide a link with HTTP Auth↗2021-02-26

▶

📋Vendor Advisories

Ubuntu

Firefox vulnerabilities↗2021-02-26

▶

Debian

CVE-2021-23972: firefox - One phishing tactic on the web is to provide a link with HTTP Auth. For example ...↗2021

▶

Mozilla

Mozilla Foundation Security Advisory 2021-07: CVE-2021-23972↗

▶