CVE-2021-23973Information Exposure via Error Message in Mozilla Firefox

CWE-209Information Exposure via Error Message12 documents8 sources
Severity
6.5MEDIUMNVD
OSV4.3
EPSS
0.5%
top 32.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Mozilla FirefoxMozilla Firefox ESRMozilla Thunderbird+1 more
Timeline
PublishedFeb 26
Latest updateMay 24

Description

When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may have revealed information about the resource. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages8 packages

CVEListV5mozilla/firefox< 86
NVDmozilla/firefox< 86.0
CVEListV5mozilla/firefox_esr< 78.8
CVEListV5mozilla/thunderbird< 78.8

Also affects: Debian Linux 10.0, 9.0

🔴Vulnerability Details

4
GHSA
GHSA-jw3c-jgq3-cf92: When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may have revea2022-05-24
OSV
thunderbird vulnerabilities2021-05-06
CVEList
CVE-2021-23973: When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may have revea2021-02-26
OSV
CVE-2021-23973: When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may have revea2021-02-26

📋Vendor Advisories

7
Ubuntu
Thunderbird vulnerabilities2021-05-06
Ubuntu
Firefox vulnerabilities2021-02-26
Red Hat
Mozilla: MediaError message property could have leaked information about cross-origin resources2021-02-23
Debian
CVE-2021-23973: firefox - When trying to load a cross-origin resource in an audio/video context a decoding...2021
Mozilla
Mozilla Foundation Security Advisory 2021-08: CVE-2021-23973
CVE-2021-23973 — Information Exposure via Error Message | cvebase