CVE-2021-23973

Published: Feb 26, 2021Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may have revealed information about the resource. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.

Affected (5)

Products: Mozilla: Firefox, Firefox Esr, Thunderbird · Debian: Debian Linux

3 products

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Mozilla Firefox	Before 86.0
Mozilla Firefox Esr	Before 78.8
Mozilla Thunderbird	Before 78.8

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 10.0
Debian Debian Linux	Version 9.0

Related CWEs

Generation of Error Message Containing Sensitive Information

The product generates an error message that includes sensitive information about its environment, users, or associated data.

References (16)

https://bugzilla.mozilla.org/show_bug.cgi?id=1690976

Source: security@mozilla.org

Issue TrackingPermissions RequiredVendor Advisory

https://lists.debian.org/debian-lts-announce/2021/03/msg00000.html

Source: security@mozilla.org

Mailing ListThird Party Advisory

https://security.gentoo.org/glsa/202104-09

Source: security@mozilla.org

Third Party Advisory

https://security.gentoo.org/glsa/202104-10

Source: security@mozilla.org

Third Party Advisory

https://www.debian.org/security/2021/dsa-4866

Source: security@mozilla.org

Third Party Advisory

https://www.mozilla.org/security/advisories/mfsa2021-07/

Source: security@mozilla.org

Release NotesVendor Advisory

https://www.mozilla.org/security/advisories/mfsa2021-08/

Source: security@mozilla.org

Release NotesVendor Advisory

https://www.mozilla.org/security/advisories/mfsa2021-09/

Source: security@mozilla.org

Release NotesVendor Advisory

https://bugzilla.mozilla.org/show_bug.cgi?id=1690976

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPermissions RequiredVendor Advisory

https://lists.debian.org/debian-lts-announce/2021/03/msg00000.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://security.gentoo.org/glsa/202104-09

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://security.gentoo.org/glsa/202104-10

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.debian.org/security/2021/dsa-4866

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.mozilla.org/security/advisories/mfsa2021-07/

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

https://www.mozilla.org/security/advisories/mfsa2021-08/

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

https://www.mozilla.org/security/advisories/mfsa2021-09/

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

Timeline

No history available yet.