CVE-2021-23982 — Inadequate Encryption Strength in Mozilla Firefox
CWE-326 — Inadequate Encryption StrengthCWE-200 — Sensitive Information Exposure15 documents8 sources
Severity
6.5MEDIUMNVD
OSV8.1OSV7.4
EPSS
0.1%
top 69.03%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMar 31
Latest updateMay 24
Description
Using techniques that built on the slipstream research, a malicious webpage could have scanned both an internal network's hosts as well as services running on the user's local machine utilizing WebRTC connections. This vulnerability affects Firefox ESR < 78.9, Firefox < 87, and Thunderbird < 78.9.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6
Affected Packages9 packages
🔴Vulnerability Details
6GHSA▶
GHSA-hg4f-qgj6-3h4w: Using techniques that built on the slipstream research, a malicious webpage could have scanned both an internal network's hosts as well as services ru↗2022-05-24
OSV▶
CVE-2021-23982: Using techniques that built on the slipstream research, a malicious webpage could have scanned both an internal network's hosts as well as services ru↗2021-03-31
CVEList▶
CVE-2021-23982: Using techniques that built on the slipstream research, a malicious webpage could have scanned both an internal network's hosts as well as services ru↗2021-03-31
📋Vendor Advisories
8Debian▶
CVE-2021-23982: firefox - Using techniques that built on the slipstream research, a malicious webpage coul...↗2021