CVE-2021-38509
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
08/12/2021
Last modified:
09/12/2022
Description
Due to an unusual sequence of attacker-controlled events, a Javascript alert() dialog with arbitrary (although unstyled) contents could be displayed over top an uncontrolled webpage of the attacker's choosing. This vulnerability affects Firefox
Impact
Base Score 3.x
4.30
Severity 3.x
MEDIUM
Base Score 2.0
4.30
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* | 94.0 (excluding) | |
| cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:* | 91.3.0 (excluding) | |
| cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* | 91.3.0 (excluding) | |
| cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* | ||
| cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* | ||
| cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://bugzilla.mozilla.org/show_bug.cgi?id=1718571
- https://lists.debian.org/debian-lts-announce/2021/12/msg00030.html
- https://lists.debian.org/debian-lts-announce/2022/01/msg00001.html
- https://security.gentoo.org/glsa/202202-03
- https://security.gentoo.org/glsa/202208-14
- https://www.debian.org/security/2021/dsa-5026
- https://www.debian.org/security/2022/dsa-5034
- https://www.mozilla.org/security/advisories/mfsa2021-48/
- https://www.mozilla.org/security/advisories/mfsa2021-49/
- https://www.mozilla.org/security/advisories/mfsa2021-50/