Vulnerability-Lookup

CVE-2021-23969 (GCVE-0-2021-23969)

Vulnerability from cvelistv5 – Published: 2021-02-26 01:57 – Updated: 2024-08-03 19:14

Summary

As specified in the W3C Content Security Policy draft, when creating a violation report, "User agents need to ensure that the source file is the URL requested by the page, pre-redirects. If that’s not possible, user agents need to strip the URL down to an origin to avoid unintentional leakage." Under certain types of redirects, Firefox incorrectly set the source file to be the destination of the redirects. This was fixed to be the redirect destination's origin. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.

Severity ?

No CVSS data available.

CWE

Content Security Policy violation report could have contained the destination of a redirect

Assigner

mozilla

References

URL

Tags

	https://www.mozilla.org/security/advisories/mfsa2…	x_refsource_MISC
	https://www.mozilla.org/security/advisories/mfsa2…	x_refsource_MISC
	https://www.mozilla.org/security/advisories/mfsa2…	x_refsource_MISC
	https://bugzilla.mozilla.org/show_bug.cgi?id=1542194	x_refsource_MISC
	https://lists.debian.org/debian-lts-announce/2021…	mailing-listx_refsource_MLIST
	https://www.debian.org/security/2021/dsa-4866	vendor-advisoryx_refsource_DEBIAN
	https://security.gentoo.org/glsa/202104-10	vendor-advisoryx_refsource_GENTOO
	https://security.gentoo.org/glsa/202104-09	vendor-advisoryx_refsource_GENTOO

Impacted products

Vendor

Product

Version

Mozilla

Firefox

Affected: < 86

	Mozilla	Thunderbird	Affected: < 78.8
	Mozilla	Firefox ESR	Affected: < 78.8

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T19:14:09.977Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2021-07/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2021-09/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2021-08/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1542194"
          },
          {
            "name": "[debian-lts-announce] 20210301 [SECURITY] [DLA 2578-1] thunderbird security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00000.html"
          },
          {
            "name": "DSA-4866",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2021/dsa-4866"
          },
          {
            "name": "GLSA-202104-10",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202104-10"
          },
          {
            "name": "GLSA-202104-09",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202104-09"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 86"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 78.8"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 78.8"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "As specified in the W3C Content Security Policy draft, when creating a violation report, \"User agents need to ensure that the source file is the URL requested by the page, pre-redirects. If that\u2019s not possible, user agents need to strip the URL down to an origin to avoid unintentional leakage.\" Under certain types of redirects, Firefox incorrectly set the source file to be the destination of the redirects. This was fixed to be the redirect destination\u0027s origin. This vulnerability affects Firefox \u003c 86, Thunderbird \u003c 78.8, and Firefox ESR \u003c 78.8."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Content Security Policy violation report could have contained the destination of a redirect",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-05-01T01:08:11.000Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.mozilla.org/security/advisories/mfsa2021-07/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.mozilla.org/security/advisories/mfsa2021-09/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.mozilla.org/security/advisories/mfsa2021-08/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1542194"
        },
        {
          "name": "[debian-lts-announce] 20210301 [SECURITY] [DLA 2578-1] thunderbird security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00000.html"
        },
        {
          "name": "DSA-4866",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2021/dsa-4866"
        },
        {
          "name": "GLSA-202104-10",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202104-10"
        },
        {
          "name": "GLSA-202104-09",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202104-09"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@mozilla.org",
          "ID": "CVE-2021-23969",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Firefox",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003c 86"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Thunderbird",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003c 78.8"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Firefox ESR",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003c 78.8"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Mozilla"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "As specified in the W3C Content Security Policy draft, when creating a violation report, \"User agents need to ensure that the source file is the URL requested by the page, pre-redirects. If that\u2019s not possible, user agents need to strip the URL down to an origin to avoid unintentional leakage.\" Under certain types of redirects, Firefox incorrectly set the source file to be the destination of the redirects. This was fixed to be the redirect destination\u0027s origin. This vulnerability affects Firefox \u003c 86, Thunderbird \u003c 78.8, and Firefox ESR \u003c 78.8."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Content Security Policy violation report could have contained the destination of a redirect"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2021-07/",
              "refsource": "MISC",
              "url": "https://www.mozilla.org/security/advisories/mfsa2021-07/"
            },
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2021-09/",
              "refsource": "MISC",
              "url": "https://www.mozilla.org/security/advisories/mfsa2021-09/"
            },
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2021-08/",
              "refsource": "MISC",
              "url": "https://www.mozilla.org/security/advisories/mfsa2021-08/"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1542194",
              "refsource": "MISC",
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1542194"
            },
            {
              "name": "[debian-lts-announce] 20210301 [SECURITY] [DLA 2578-1] thunderbird security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00000.html"
            },
            {
              "name": "DSA-4866",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2021/dsa-4866"
            },
            {
              "name": "GLSA-202104-10",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202104-10"
            },
            {
              "name": "GLSA-202104-09",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202104-09"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2021-23969",
    "datePublished": "2021-02-26T01:57:45.000Z",
    "dateReserved": "2021-01-13T00:00:00.000Z",
    "dateUpdated": "2024-08-03T19:14:09.977Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTFR-2021-AVI-143

Vulnerability from certfr_avis - Published: 2021-02-24 - Updated: 2021-02-24

De multiples vulnérabilités ont été découvertes dans Mozilla Firefox. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Mozilla	Firefox	Firefox ESR versions antérieures à 78.8
	Mozilla	Firefox	Firefox versions antérieures à 86

References

Title

Publication Time

Tags

Bulletin de sécurité Mozilla mfsa2021-07 du 23 février 2021	None	vendor-advisory
Bulletin de sécurité Mozilla mfsa2021-08 du 23 février 2021	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Firefox ESR versions ant\u00e9rieures \u00e0 78.8",
      "product": {
        "name": "Firefox",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    },
    {
      "description": "Firefox versions ant\u00e9rieures \u00e0 86",
      "product": {
        "name": "Firefox",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-23970",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23970"
    },
    {
      "name": "CVE-2021-23977",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23977"
    },
    {
      "name": "CVE-2021-23976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23976"
    },
    {
      "name": "CVE-2021-23975",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23975"
    },
    {
      "name": "CVE-2021-23979",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23979"
    },
    {
      "name": "CVE-2021-23974",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23974"
    },
    {
      "name": "CVE-2021-23973",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23973"
    },
    {
      "name": "CVE-2021-23971",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23971"
    },
    {
      "name": "CVE-2021-23968",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23968"
    },
    {
      "name": "CVE-2020-26954",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-26954"
    },
    {
      "name": "CVE-2021-23969",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23969"
    },
    {
      "name": "CVE-2021-23972",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23972"
    },
    {
      "name": "CVE-2021-23978",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23978"
    }
  ],
  "initial_release_date": "2021-02-24T00:00:00",
  "last_revision_date": "2021-02-24T00:00:00",
  "links": [],
  "reference": "CERTFR-2021-AVI-143",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-02-24T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Mozilla Firefox.\nElles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance, un contournement de la politique de s\u00e9curit\u00e9 et\nune atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Mozilla Firefox",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2021-07 du 23 f\u00e9vrier 2021",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-07/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2021-08 du 23 f\u00e9vrier 2021",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/"
    }
  ]
}

CERTFR-2021-AVI-144

Vulnerability from certfr_avis - Published: 2021-02-24 - Updated: 2021-03-01

De multiples vulnérabilités ont été découvertes dans Mozilla Thunderbird. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Mozilla	Thunderbird	Thunderbird versions antérieures à 78.8

References

Title

Publication Time

Tags

Bulletin de sécurité Mozilla mfsa2021-09 du 23 février 2021

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Thunderbird versions ant\u00e9rieures \u00e0 78.8",
      "product": {
        "name": "Thunderbird",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-23973",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23973"
    },
    {
      "name": "CVE-2021-23968",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23968"
    },
    {
      "name": "CVE-2021-23969",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23969"
    },
    {
      "name": "CVE-2021-23978",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23978"
    }
  ],
  "initial_release_date": "2021-02-24T00:00:00",
  "last_revision_date": "2021-03-01T00:00:00",
  "links": [],
  "reference": "CERTFR-2021-AVI-144",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-02-24T00:00:00.000000"
    },
    {
      "description": "Correction du bulletin de s\u00e9curit\u00e9 Mozilla.",
      "revision_date": "2021-03-01T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Mozilla\nThunderbird. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution\nde code arbitraire \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Mozilla Thunderbird",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2021-09 du 23 f\u00e9vrier 2021",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-09/"
    }
  ]
}

CNVD-2021-15356

Vulnerability from cnvd - Published: 2021-03-08

Title

Mozilla Firefox存在未明漏洞（CNVD-2021-15356）

Description

Mozilla Firefox是美国Mozilla基金会的一款开源Web浏览器。 Mozilla Firefox 中存在安全漏洞。目前没有详细的漏洞细节提供。

Severity

中

Patch Name

Mozilla Firefox存在未明漏洞（CNVD-2021-15356）的补丁

Patch Description

Mozilla Firefox是美国Mozilla基金会的一款开源Web浏览器。 Mozilla Firefox 中存在安全漏洞。目前没有详细的漏洞细节提供。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://www.mozilla.org/en-US/security/advisories/mfsa2021-09/

Reference

https://lists.debian.org/debian-lts-announce/2021/03/msg00000.html

Impacted products

Name
['Mozilla Firefox <86', 'Mozilla Thunderbird <78.8', 'Mozilla Firefox ESR <78.8']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-23969",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-23969"
    }
  },
  "description": "Mozilla Firefox\u662f\u7f8e\u56fdMozilla\u57fa\u91d1\u4f1a\u7684\u4e00\u6b3e\u5f00\u6e90Web\u6d4f\u89c8\u5668\u3002\n\nMozilla Firefox \u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2021-09/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-15356",
  "openTime": "2021-03-08",
  "patchDescription": "Mozilla Firefox\u662f\u7f8e\u56fdMozilla\u57fa\u91d1\u4f1a\u7684\u4e00\u6b3e\u5f00\u6e90Web\u6d4f\u89c8\u5668\u3002\r\n\r\nMozilla Firefox \u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Mozilla Firefox\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\uff08CNVD-2021-15356\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Mozilla Firefox \u003c86",
      "Mozilla Thunderbird \u003c78.8",
      "Mozilla Firefox ESR \u003c78.8"
    ]
  },
  "referenceLink": "https://lists.debian.org/debian-lts-announce/2021/03/msg00000.html",
  "serverity": "\u4e2d",
  "submitTime": "2021-03-05",
  "title": "Mozilla Firefox\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\uff08CNVD-2021-15356\uff09"
}

GHSA-HRPC-C9C2-PJ6W

Vulnerability from github – Published: 2022-05-24 22:28 – Updated: 2022-05-28 00:00

Details

Severity ?

4.3 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-23969"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-02-26T02:15:00Z",
    "severity": "MODERATE"
  },
  "details": "As specified in the W3C Content Security Policy draft, when creating a violation report, \"User agents need to ensure that the source file is the URL requested by the page, pre-redirects. If that\u2019s not possible, user agents need to strip the URL down to an origin to avoid unintentional leakage.\" Under certain types of redirects, Firefox incorrectly set the source file to be the destination of the redirects. This was fixed to be the redirect destination\u0027s origin. This vulnerability affects Firefox \u003c 86, Thunderbird \u003c 78.8, and Firefox ESR \u003c 78.8.",
  "id": "GHSA-hrpc-c9c2-pj6w",
  "modified": "2022-05-28T00:00:21Z",
  "published": "2022-05-24T22:28:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23969"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1542194"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00000.html"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202104-09"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202104-10"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2021/dsa-4866"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2021-07"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2021-08"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2021-09"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2021-23969

Vulnerability from fkie_nvd - Published: 2021-02-26 02:15 - Updated: 2024-11-21 05:52

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Summary

References

URL	Tags
security@mozilla.org	https://bugzilla.mozilla.org/show_bug.cgi?id=1542194	Issue Tracking, Permissions Required, Vendor Advisory
security@mozilla.org	https://lists.debian.org/debian-lts-announce/2021/03/msg00000.html	Mailing List, Third Party Advisory
security@mozilla.org	https://security.gentoo.org/glsa/202104-09	Third Party Advisory
security@mozilla.org	https://security.gentoo.org/glsa/202104-10	Third Party Advisory
security@mozilla.org	https://www.debian.org/security/2021/dsa-4866	Third Party Advisory
security@mozilla.org	https://www.mozilla.org/security/advisories/mfsa2021-07/	Release Notes, Vendor Advisory
security@mozilla.org	https://www.mozilla.org/security/advisories/mfsa2021-08/	Release Notes, Vendor Advisory
security@mozilla.org	https://www.mozilla.org/security/advisories/mfsa2021-09/	Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.mozilla.org/show_bug.cgi?id=1542194	Issue Tracking, Permissions Required, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2021/03/msg00000.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202104-09	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202104-10	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2021/dsa-4866	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.mozilla.org/security/advisories/mfsa2021-07/	Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.mozilla.org/security/advisories/mfsa2021-08/	Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.mozilla.org/security/advisories/mfsa2021-09/	Release Notes, Vendor Advisory

Impacted products

Vendor	Product	Version
mozilla	firefox	*
mozilla	firefox_esr	*
mozilla	thunderbird	*
debian	debian_linux	9.0
debian	debian_linux	10.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "89580DC6-183F-46F0-A27E-4E16D6B10EB6",
              "versionEndExcluding": "86.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A523AED-F145-4D51-BF78-95B61B8A0B34",
              "versionEndExcluding": "78.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3ABA16AF-38C2-4445-B41F-9228C97A89C1",
              "versionEndExcluding": "78.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "As specified in the W3C Content Security Policy draft, when creating a violation report, \"User agents need to ensure that the source file is the URL requested by the page, pre-redirects. If that\u2019s not possible, user agents need to strip the URL down to an origin to avoid unintentional leakage.\" Under certain types of redirects, Firefox incorrectly set the source file to be the destination of the redirects. This was fixed to be the redirect destination\u0027s origin. This vulnerability affects Firefox \u003c 86, Thunderbird \u003c 78.8, and Firefox ESR \u003c 78.8."
    },
    {
      "lang": "es",
      "value": "Como se especifica en el borrador de la Pol\u00edtica de Seguridad de Contenido W3C, cuando se crea un informe de infracci\u00f3n, \"Los agentes de usuario necesitan asegurar que el archivo de origen sea la URL solicitada por la p\u00e1gina, redireccionamientos previos. Si eso no es posible, los agentes de usuario deben reducir la URL a un origen para evitar fugas involuntarias\". Bajo determinados tipos de redireccionamientos, Firefox ajust\u00f3 incorrectamente el archivo de origen como el destino de los redireccionamientos.\u0026#xa0;Se corrigi\u00f3 que este fuera el origen del destino de redireccionamiento.\u0026#xa0;Esta vulnerabilidad afecta a Firefox versiones anteriores a 86, Thunderbird versiones anteriores a 78,8 y Firefox ESR versiones anteriores a 78,8"
    }
  ],
  "id": "CVE-2021-23969",
  "lastModified": "2024-11-21T05:52:07.350",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-02-26T02:15:12.947",
  "references": [
    {
      "source": "security@mozilla.org",
      "tags": [
        "Issue Tracking",
        "Permissions Required",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1542194"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00000.html"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202104-09"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202104-10"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2021/dsa-4866"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2021-07/"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2021-08/"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2021-09/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Permissions Required",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1542194"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202104-09"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202104-10"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2021/dsa-4866"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2021-07/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2021-08/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2021-09/"
    }
  ],
  "sourceIdentifier": "security@mozilla.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2021-23969

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2021-23969

Aliases

CVE-2021-23969

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-23969",
    "description": "As specified in the W3C Content Security Policy draft, when creating a violation report, \"User agents need to ensure that the source file is the URL requested by the page, pre-redirects. If that\u2019s not possible, user agents need to strip the URL down to an origin to avoid unintentional leakage.\" Under certain types of redirects, Firefox incorrectly set the source file to be the destination of the redirects. This was fixed to be the redirect destination\u0027s origin. This vulnerability affects Firefox \u003c 86, Thunderbird \u003c 78.8, and Firefox ESR \u003c 78.8.",
    "id": "GSD-2021-23969",
    "references": [
      "https://www.suse.com/security/cve/CVE-2021-23969.html",
      "https://www.debian.org/security/2021/dsa-4866",
      "https://www.debian.org/security/2021/dsa-4862",
      "https://access.redhat.com/errata/RHSA-2021:0662",
      "https://access.redhat.com/errata/RHSA-2021:0661",
      "https://access.redhat.com/errata/RHSA-2021:0660",
      "https://access.redhat.com/errata/RHSA-2021:0659",
      "https://access.redhat.com/errata/RHSA-2021:0658",
      "https://access.redhat.com/errata/RHSA-2021:0657",
      "https://access.redhat.com/errata/RHSA-2021:0656",
      "https://access.redhat.com/errata/RHSA-2021:0655",
      "https://ubuntu.com/security/CVE-2021-23969",
      "https://advisories.mageia.org/CVE-2021-23969.html",
      "https://security.archlinux.org/CVE-2021-23969",
      "https://linux.oracle.com/cve/CVE-2021-23969.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-23969"
      ],
      "details": "As specified in the W3C Content Security Policy draft, when creating a violation report, \"User agents need to ensure that the source file is the URL requested by the page, pre-redirects. If that\u2019s not possible, user agents need to strip the URL down to an origin to avoid unintentional leakage.\" Under certain types of redirects, Firefox incorrectly set the source file to be the destination of the redirects. This was fixed to be the redirect destination\u0027s origin. This vulnerability affects Firefox \u003c 86, Thunderbird \u003c 78.8, and Firefox ESR \u003c 78.8.",
      "id": "GSD-2021-23969",
      "modified": "2023-12-13T01:23:29.933535Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@mozilla.org",
        "ID": "CVE-2021-23969",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Firefox",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "\u003c 86"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Thunderbird",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "\u003c 78.8"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Firefox ESR",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "\u003c 78.8"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Mozilla"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "As specified in the W3C Content Security Policy draft, when creating a violation report, \"User agents need to ensure that the source file is the URL requested by the page, pre-redirects. If that\u2019s not possible, user agents need to strip the URL down to an origin to avoid unintentional leakage.\" Under certain types of redirects, Firefox incorrectly set the source file to be the destination of the redirects. This was fixed to be the redirect destination\u0027s origin. This vulnerability affects Firefox \u003c 86, Thunderbird \u003c 78.8, and Firefox ESR \u003c 78.8."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Content Security Policy violation report could have contained the destination of a redirect"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.mozilla.org/security/advisories/mfsa2021-07/",
            "refsource": "MISC",
            "url": "https://www.mozilla.org/security/advisories/mfsa2021-07/"
          },
          {
            "name": "https://www.mozilla.org/security/advisories/mfsa2021-09/",
            "refsource": "MISC",
            "url": "https://www.mozilla.org/security/advisories/mfsa2021-09/"
          },
          {
            "name": "https://www.mozilla.org/security/advisories/mfsa2021-08/",
            "refsource": "MISC",
            "url": "https://www.mozilla.org/security/advisories/mfsa2021-08/"
          },
          {
            "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1542194",
            "refsource": "MISC",
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1542194"
          },
          {
            "name": "[debian-lts-announce] 20210301 [SECURITY] [DLA 2578-1] thunderbird security update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00000.html"
          },
          {
            "name": "DSA-4866",
            "refsource": "DEBIAN",
            "url": "https://www.debian.org/security/2021/dsa-4866"
          },
          {
            "name": "GLSA-202104-10",
            "refsource": "GENTOO",
            "url": "https://security.gentoo.org/glsa/202104-10"
          },
          {
            "name": "GLSA-202104-09",
            "refsource": "GENTOO",
            "url": "https://security.gentoo.org/glsa/202104-09"
          }
        ]
      }
    },
    "mozilla.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@mozilla.org",
        "ID": "CVE-2021-23969"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Firefox ESR",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "78.8"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Firefox",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "86"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Thunderbird",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "78.8"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Mozilla"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "As specified in the W3C Content Security Policy draft, when creating a violation report, \"User agents need to ensure that the source file is the URL requested by the page, pre-redirects. If that\u2019s not possible, user agents need to strip the URL down to an origin to avoid unintentional leakage.\" Under certain types of redirects, Firefox incorrectly set the source file to be the destination of the redirects. This was fixed to be the redirect destination\u0027s origin. This vulnerability affects Firefox ESR \u003c 78.8, Firefox \u003c 86, and Thunderbird \u003c 78.8."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Content Security Policy violation report could have contained the destination of a redirect"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "url": "https://www.mozilla.org/security/advisories/mfsa2021-07/"
          },
          {
            "url": "https://www.mozilla.org/security/advisories/mfsa2021-09/"
          },
          {
            "url": "https://www.mozilla.org/security/advisories/mfsa2021-08/"
          },
          {
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1542194"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "86.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "78.8",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "78.8",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@mozilla.org",
          "ID": "CVE-2021-23969"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "As specified in the W3C Content Security Policy draft, when creating a violation report, \"User agents need to ensure that the source file is the URL requested by the page, pre-redirects. If that\u2019s not possible, user agents need to strip the URL down to an origin to avoid unintentional leakage.\" Under certain types of redirects, Firefox incorrectly set the source file to be the destination of the redirects. This was fixed to be the redirect destination\u0027s origin. This vulnerability affects Firefox \u003c 86, Thunderbird \u003c 78.8, and Firefox ESR \u003c 78.8."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1542194",
              "refsource": "MISC",
              "tags": [
                "Issue Tracking",
                "Permissions Required",
                "Vendor Advisory"
              ],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1542194"
            },
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2021-08/",
              "refsource": "MISC",
              "tags": [
                "Release Notes",
                "Vendor Advisory"
              ],
              "url": "https://www.mozilla.org/security/advisories/mfsa2021-08/"
            },
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2021-09/",
              "refsource": "MISC",
              "tags": [
                "Release Notes",
                "Vendor Advisory"
              ],
              "url": "https://www.mozilla.org/security/advisories/mfsa2021-09/"
            },
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2021-07/",
              "refsource": "MISC",
              "tags": [
                "Release Notes",
                "Vendor Advisory"
              ],
              "url": "https://www.mozilla.org/security/advisories/mfsa2021-07/"
            },
            {
              "name": "[debian-lts-announce] 20210301 [SECURITY] [DLA 2578-1] thunderbird security update",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00000.html"
            },
            {
              "name": "DSA-4866",
              "refsource": "DEBIAN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.debian.org/security/2021/dsa-4866"
            },
            {
              "name": "GLSA-202104-09",
              "refsource": "GENTOO",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://security.gentoo.org/glsa/202104-09"
            },
            {
              "name": "GLSA-202104-10",
              "refsource": "GENTOO",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://security.gentoo.org/glsa/202104-10"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 1.4
        }
      },
      "lastModifiedDate": "2022-05-27T18:17Z",
      "publishedDate": "2021-02-26T02:15Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2021-23969 (GCVE-0-2021-23969)

CERTFR-2021-AVI-143

Solution

CERTFR-2021-AVI-144

Solution

CNVD-2021-15356

GHSA-HRPC-C9C2-PJ6W

FKIE_CVE-2021-23969

GSD-2021-23969

Tags

Sightings

Nomenclature