cbcvebase.
CVE-2021-43532
published 2021-12-08

CVE-2021-43532: The 'Copy Image Link' context menu action would copy the final image URL after redirects. By embedding an image that triggered authentication flows - in…

PriorityP427medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
EPSS
0.53%
40.8th percentile
The 'Copy Image Link' context menu action would copy the final image URL after redirects. By embedding an image that triggered authentication flows - in conjunction with a Content Security Policy that stopped a redirection chain in the middle - the final image URL could be one that contained an authentication token used to takeover a user account. If a website tricked a user into copy and pasting the image link back to the page, the page would be able to steal the authentication tokens. This was fixed by making the action return the original URL, before any redirects. This vulnerability affects Firefox < 94.

Affected

7 ranges
VendorProductVersion rangeFixed in
debianfirefox< firefox 94.0-1 (sid)firefox 94.0-1 (sid)
mozillafirefox< 94.094.0
mozillafirefox
mozillafirefox>= 0 < 94.0+build3-0ubuntu0.18.04.194.0+build3-0ubuntu0.18.04.1
mozillafirefox>= 0 < 94.0+build3-0ubuntu0.20.04.194.0+build3-0ubuntu0.20.04.1
mozillafirefox>= 0 < 94.0+build3-0ubuntu194.0+build3-0ubuntu1
mozillafirefox>= unspecified < 9494

CVSS provenance

nvdv3.16.1MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvdv2.05.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:N
osv6.1MEDIUM
vendor_debian6.1MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.