CVE-2021-23961

Published on: 02/25/2021 12:00:00 AM UTC

Last Modified on: 05/27/2022 06:18:00 PM UTC

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

Certain versions of Debian Linux from Debian contain the following vulnerability:

Further techniques that built on the slipstream research combined with a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine. This vulnerability affects Firefox < 85.

  • CVE-2021-23961 has been assigned by [email protected] to track the vulnerability - currently rated as HIGH severity.
  • Affected Vendor/Software: Mozilla - Firefox version < 85

CVSS3 Score: 7.4 - HIGH

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • User Interaction: REQUIRED
  • Scope: CHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: NONE
  • Availability Impact: NONE

CVSS2 Score: 4.3 - MEDIUM

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: NONE
  • Availability Impact: NONE

CVE References

  • Mozilla Firefox: Multiple vulnerabilities (GLSA 202104-10) — Gentoo security
    Source: security.gentoo.org (text/html)
    Link: GENTOO GLSA-202104-10
  • [SECURITY] [DLA 2632-1] thunderbird security update
    Source: lists.debian.org (text/html)
    Link: MLIST [debian-lts-announce] 20210422 [SECURITY] [DLA 2632-1] thunderbird security update
  • [SECURITY] [DLA 2633-1] firefox-esr security update
    Source: lists.debian.org (text/html)
    Link: MLIST [debian-lts-announce] 20210423 [SECURITY] [DLA 2633-1] firefox-esr security update
  • Access Denied
    Tags: Issue Tracking, Permissions Required, Vendor Advisory
    Source: bugzilla.mozilla.org (text/html)
    Link: MISC bugzilla.mozilla.org/show_bug.cgi?id=1677940
  • Mozilla Thunderbird: Multiple vulnerabilities (GLSA 202104-09) — Gentoo security
    Source: security.gentoo.org (text/html)
    Link: GENTOO GLSA-202104-09
  • Debian -- Security Information -- DSA-4897-1 thunderbird
    Tags: Depreciated Link
    Source: www.debian.org (text/html)
    Link: DEBIAN DSA-4897
  • Debian -- Security Information -- DSA-4895-1 firefox-esr
    Tags: Depreciated Link
    Source: www.debian.org (text/html)
    Link: DEBIAN DSA-4895
  • Security Vulnerabilities fixed in Firefox 85 — Mozilla Release Notes
    Tags: Vendor Advisory
    Source: www.mozilla.org (text/html)
    Link: MISC www.mozilla.org/security/advisories/mfsa2021-03/

Related QID Numbers

  • 159161 Oracle Enterprise Linux Security Update for thunderbird (ELSA-2021-1350)
  • 159163 Oracle Enterprise Linux Security Update for firefox (ELSA-2021-1363)
  • 159166 Oracle Enterprise Linux Security Update for thunderbird (ELSA-2021-1353)
  • 159167 Oracle Enterprise Linux Security Update for firefox (ELSA-2021-1360)
  • 174939 SUSE Enterprise Linux Security Update for MozillaFirefox (SUSE-SU-2021:1307-1)
  • 174946 SUSE Enterprise Linux Security Update for MozillaFirefox (SUSE-SU-2021:1325-1)
  • 174961 SUSE Enterprise Linux Security Update for MozillaFirefox (SUSE-SU-2021:1433-1)
  • 178559 Debian Security Update for firefox-esr (DSA 4895-1)
  • 178561 Debian Security Update for thunderbird (DSA 4897-1)
  • 178644 Debian Security Update for thunderbird (DLA 2632-1)
  • 178645 Debian Security Update for firefox-esr (DLA 2633-1)
  • 180604 Debian Security Update for thunderbirdfirefox-esr (CVE-2021-23961)
  • 198415 Ubuntu Security Notification for Thunderbird vulnerabilities (USN-4995-1)
  • 198424 Ubuntu Security Notification for Thunderbird vulnerabilities (USN-4995-2)
  • 239256 Red Hat Update for firefox (RHSA-2021:1363)
  • 239257 Red Hat Update for firefox (RHSA-2021:1362)
  • 239258 Red Hat Update for firefox (RHSA-2021:1361)
  • 239259 Red Hat Update for firefox (RHSA-2021:1360)
  • 239261 Red Hat Update for thunderbird (RHSA-2021:1353)
  • 239262 Red Hat Update for thunderbird (RHSA-2021:1352)
  • 239263 Red Hat Update for thunderbird (RHSA-2021:1351)
  • 239264 Red Hat Update for thunderbird (RHSA-2021:1350)
  • 296068 Oracle Solaris 11.4 Support Repository Update (SRU) 34.94.4 Missing (CPUAPR2021)
  • 352368 Amazon Linux Security Advisory for thunderbird: ALAS2-2021-1644
  • 375479 Mozilla Firefox ESR Multiple Vulnerabilities (MFSA2021-15)
  • 375485 Mozilla Thunderbird Multiple Vulnerabilities (MFSA2021-14)
  • 500933 Alpine Linux Security Update for firefox-esr
  • 501554 Alpine Linux Security Update for firefox
  • 502381 Alpine Linux Security Update for thunderbird
  • 710019 Gentoo Linux Mozilla Thunderbird Multiple Vulnerabilities (GLSA 202104-09)
  • 710020 Gentoo Linux Mozilla Firefox Multiple Vulnerabilities (GLSA 202104-10)
  • 750235 OpenSUSE Security Update for MozillaThunderbird (openSUSE-SU-2021:0644-1)
  • 750245 OpenSUSE Security Update for MozillaFirefox (openSUSE-SU-2021:0621-1)
  • 940160 AlmaLinux Security Update for firefox (ALSA-2021:1360)
  • 940377 AlmaLinux Security Update for thunderbird (ALSA-2021:1353)

Known Affected Configurations (CPE V2.3)

Type              Vendor   Product       Version  Update  Edition  Language
Operating System  Debian   Debian Linux  10.0     All     All      All
Operating System  Debian   Debian Linux  9.0      All     All      All
Application       Mozilla  Firefox       All      All     All      All
Application       Mozilla  Firefox       All      All     All      All

  • cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*:
  • cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*:
  • cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*:

Social Mentions

  • @pzt (Twitter, 2021-05-29 07:16:13 UTC): Firefox already blocked port 10080 in version 85 in January. It's hard to tell, but it seems to be the fix for CVE-2021-23961 among the security fixes. / Firefox 85.0, See All New Feature… twitter.com/i/web/status/1…
  • @RemotelyAlerts (Twitter, 2022-05-27 19:31:19 UTC): Severity: ?? | Further techniques that built on the sli... | CVE-2021-23961 | Link for more: alerts.remotelyrmm.com/CVE-2021-23961
  • @LinInfoSec (Twitter, 2022-05-27 21:03:11 UTC): Firefox - CVE-2021-23961: mozilla.org/security/advis…