CVE-2021-43536Sensitive Information Exposure in Mozilla Firefox

CWE-200Sensitive Information ExposureCWE-1021UI Misrepresentation / ClickjackingCWE-668Resource Exposure16 documents8 sources
Severity
6.5MEDIUMNVD
OSV8.8
EPSS
0.6%
top 31.60%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Mozilla FirefoxMozilla Firefox ESRMozilla Thunderbird+1 more
Timeline
PublishedDec 8
Latest updateJan 21

Description

Under certain circumstances, asynchronous functions could have caused a navigation to fail but expose the target URL. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages9 packages

CVEListV5mozilla/firefoxunspecified95
NVDmozilla/firefox< 95.0
CVEListV5mozilla/firefox_esrunspecified91.4.0
CVEListV5mozilla/thunderbirdunspecified91.4.0
NVDmozilla/firefox_esr< 91.4.0

Also affects: Debian Linux 10.0, 11.0, 9.0

🔴Vulnerability Details

6
OSV
thunderbird vulnerabilities2022-01-21
OSV
firefox regressions2021-12-20
GHSA
GHSA-qg5x-9wqx-3jxq: Under certain circumstances, asynchronous functions could have caused a navigation to fail but expose the target URL2021-12-09
OSV
firefox vulnerabilities2021-12-09
CVEList
CVE-2021-43536: Under certain circumstances, asynchronous functions could have caused a navigation to fail but expose the target URL2021-12-08

📋Vendor Advisories

9
Ubuntu
Thunderbird vulnerabilities2022-01-21
Ubuntu
Thunderbird vulnerabilities2022-01-21
Ubuntu
Firefox regressions2021-12-20
Ubuntu
Firefox vulnerabilities2021-12-09
Red Hat
Mozilla: URL leakage when navigating while executing asynchronous function2021-12-07
CVE-2021-43536 — Sensitive Information Exposure | cvebase