CVE-2021-23986
CVSS v3.1
6.5 (Medium)
CVSS v2.0
4.3 (Medium)
EPSS
0.15 % (51st)
Affected Products
1
Advisories
4
A malicious extension with the 'search' permission could have installed a new search engine whose favicon referenced a cross-origin URL. The response to this cross-origin request could have been read by the extension, allowing a same-origin policy bypass by the extension, which should not have cross-origin permissions. This cross-origin request was made without cookies, so the sensitive information disclosed by the violation was limited to local-network resources or resources that perform IP-based authentication. This vulnerability affects Firefox < 87.
Weaknesses
- CWE-346: Origin Validation Error

- CVE Status: PUBLISHED
- CNA: Mozilla Corporation
- Published Date: 2021-03-31 14:15:19 (3 years ago)
- Updated Date: 2021-08-06 18:18:20 (3 years ago)