CVE-2021-23996 — Mozilla Firefox vulnerability

7 documents6 sources

Severity

6.5MEDIUMNVD

OSV8.8

EPSS

0.3%

top 49.47%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Debian Firefox

Timeline

PublishedJun 24

Latest updateMay 24

Description

By utilizing 3D CSS in conjunction with Javascript, content could have been rendered outside the webpage's viewport, resulting in a spoofing attack that could have been used for phishing or other attacks on a user. This vulnerability affects Firefox < 88.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages5 packages

▶debiandebian/firefox< firefox 88.0-1 (sid)

▶CVEListV5mozilla/firefoxunspecified — 88

▶NVDmozilla/firefox< 88.0

▶Ubuntumozilla/firefox< 88.0+build2-0ubuntu0.16.04.1+2

▶mozillamozilla/firefox

🔴Vulnerability Details

GHSA

GHSA-h8mr-497v-gmmm: By utilizing 3D CSS in conjunction with Javascript, content could have been rendered outside the webpage's viewport, resulting in a spoofing attack th↗2022-05-24

▶

OSV

firefox vulnerabilities↗2021-04-26

▶

OSV

CVE-2021-23996: By utilizing 3D CSS in conjunction with Javascript, content could have been rendered outside the webpage's viewport, resulting in a spoofing attack th↗2021-04-19

▶

📋Vendor Advisories

Ubuntu

Firefox vulnerabilities↗2021-04-26

▶

Debian

CVE-2021-23996: firefox - By utilizing 3D CSS in conjunction with Javascript, content could have been rend...↗2021

▶

Mozilla

Mozilla Foundation Security Advisory 2021-16: CVE-2021-23996↗

▶