CVE-2021-38497medium
New! CVE Severity Now Using CVSS v3
The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Description
Through use of reportValidity() and window.open(), a plain-text validation message could have been overlaid on another origin, leading to possible user confusion and spoofing attacks. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2.
References
https://www.mozilla.org/security/advisories/mfsa2021-43/
https://www.mozilla.org/security/advisories/mfsa2021-45/
Details
Source: MITRE
Published: 2021-11-03
Updated: 2021-11-04
Type: CWE-346
Risk Information
CVSS v2
Base Score: 4.3
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Impact Score: 2.9
Exploitability Score: 8.6
Severity: MEDIUM
CVSS v3
Base Score: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Impact Score: 3.6
Exploitability Score: 2.8
Severity: MEDIUM
Vulnerable Software
Configuration 1
OR
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 156561 | Ubuntu 21.10 : Thunderbird vulnerabilities (USN-5132-1) | Nessus | Ubuntu Local Security Checks | high |
| 156395 | openSUSE 15 Security Update : MozillaThunderbird (openSUSE-SU-2021:1635-1) | Nessus | SuSE Local Security Checks | critical |
| 156292 | SUSE SLED15 / SLES15 Security Update : MozillaThunderbird (SUSE-SU-2021:4150-1) | Nessus | SuSE Local Security Checks | critical |
| 156271 | openSUSE 15 Security Update : MozillaThunderbird (openSUSE-SU-2021:4150-1) | Nessus | SuSE Local Security Checks | critical |
| 155552 | CentOS 7 : thunderbird (CESA-2021:3841) | Nessus | CentOS Local Security Checks | high |
| 155551 | CentOS 7 : firefox (CESA-2021:3791) | Nessus | CentOS Local Security Checks | high |
| 154353 | Oracle Linux 7 : thunderbird (ELSA-2021-3841) | Nessus | Oracle Linux Local Security Checks | high |
| 154341 | Oracle Linux 7 : firefox (ELSA-2021-3791) | Nessus | Oracle Linux Local Security Checks | high |
| 154214 | openSUSE 15 Security Update : MozillaFirefox (openSUSE-SU-2021:1367-1) | Nessus | SuSE Local Security Checks | critical |
| 154212 | SUSE SLES11 Security Update : MozillaFirefox, rust-cbindgen (SUSE-SU-2021:14826-1) | Nessus | SuSE Local Security Checks | critical |
| 154202 | Scientific Linux Security Update : firefox on SL7.x i686/x86_64 (2021:3791) | Nessus | Scientific Linux Local Security Checks | high |
| 154201 | Scientific Linux Security Update : thunderbird on SL7.x x86_64 (2021:3841) | Nessus | Scientific Linux Local Security Checks | high |
| 154193 | openSUSE 15 Security Update : MozillaFirefox (openSUSE-SU-2021:3451-1) | Nessus | SuSE Local Security Checks | critical |
| 154183 | SUSE SLED12 / SLES12 Security Update : MozillaFirefox (SUSE-SU-2021:3446-1) | Nessus | SuSE Local Security Checks | critical |
| 154182 | SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2021:3451-1) | Nessus | SuSE Local Security Checks | critical |
| 154176 | Oracle Linux 8 : thunderbird (ELSA-2021-3838) | Nessus | Oracle Linux Local Security Checks | high |
| 154158 | CentOS 8 : thunderbird (CESA-2021:3838) | Nessus | CentOS Local Security Checks | high |
| 154156 | CentOS 8 : firefox (CESA-2021:3755) | Nessus | CentOS Local Security Checks | high |
| 154143 | RHEL 8 : thunderbird (RHSA-2021:3840) | Nessus | Red Hat Local Security Checks | high |
| 154136 | RHEL 8 : thunderbird (RHSA-2021:3839) | Nessus | Red Hat Local Security Checks | high |
| 154135 | RHEL 8 : thunderbird (RHSA-2021:3838) | Nessus | Red Hat Local Security Checks | high |
| 154134 | RHEL 7 : thunderbird (RHSA-2021:3841) | Nessus | Red Hat Local Security Checks | high |
| 154077 | RHEL 7 : firefox (RHSA-2021:3791) | Nessus | Red Hat Local Security Checks | high |
| 154059 | Mozilla Thunderbird < 91.2 | Nessus | Windows | high |
| 154058 | Mozilla Thunderbird < 91.2 | Nessus | MacOS X Local Security Checks | high |
| 154024 | RHEL 8 : firefox (RHSA-2021:3757) | Nessus | Red Hat Local Security Checks | high |
| 154023 | RHEL 8 : firefox (RHSA-2021:3756) | Nessus | Red Hat Local Security Checks | high |
| 154022 | RHEL 8 : firefox (RHSA-2021:3755) | Nessus | Red Hat Local Security Checks | high |
| 154011 | openSUSE 15 Security Update : MozillaFirefox (openSUSE-SU-2021:3331-1) | Nessus | SuSE Local Security Checks | critical |
| 154003 | SUSE SLES15 Security Update : MozillaFirefox (SUSE-SU-2021:3331-1) | Nessus | SuSE Local Security Checks | critical |
| 153997 | Oracle Linux 8 : firefox (ELSA-2021-3755) | Nessus | Oracle Linux Local Security Checks | high |
| 153925 | Ubuntu 18.04 LTS / 20.04 LTS / 21.04 : Firefox vulnerabilities (USN-5107-1) | Nessus | Ubuntu Local Security Checks | high |
| 153881 | Mozilla Firefox < 93.0 | Nessus | Windows | high |
| 153880 | Mozilla Firefox < 93.0 | Nessus | MacOS X Local Security Checks | high |
| 153879 | Mozilla Firefox ESR < 91.2 | Nessus | MacOS X Local Security Checks | high |
| 153878 | Mozilla Firefox ESR < 91.2 | Nessus | Windows | high |