{"api_version":"1","generated_at":"2026-04-23T00:40:38+00:00","cve":"CVE-2021-23963","urls":{"html":"https://cve.report/CVE-2021-23963","api":"https://cve.report/api/cve/CVE-2021-23963.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-23963","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-23963"},"summary":{"title":"CVE-2021-23963","description":"When sharing geolocation during an active WebRTC share, Firefox could have reset the webRTC sharing state in the user interface, leading to loss of control over the currently granted permission. This vulnerability affects Firefox < 85.","state":"PUBLIC","assigner":"security@mozilla.org","published_at":"2021-02-26 03:15:00","updated_at":"2021-03-03 20:11:00"},"problem_types":["CWE-281"],"metrics":[],"references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1680793","name":"https://bugzilla.mozilla.org/show_bug.cgi?id=1680793","refsource":"MISC","tags":["Issue Tracking","Permissions Required","Vendor Advisory"],"title":"Access Denied","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.mozilla.org/security/advisories/mfsa2021-03/","name":"https://www.mozilla.org/security/advisories/mfsa2021-03/","refsource":"MISC","tags":["Release Notes","Vendor Advisory"],"title":"Security Vulnerabilities fixed in Firefox 85 — Mozilla","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-23963","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-23963","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2021","cve_id":"23963","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"23963","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2021-23963","qid":"501554","title":"Alpine Linux Security Update for firefox"},{"cve":"CVE-2021-23963","qid":"503845","title":"Alpine Linux Security Update for firefox"}]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2021-23963","ASSIGNER":"security@mozilla.org","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"Mozilla","product":{"product_data":[{"product_name":"Firefox","version":{"version_data":[{"version_value":"< 85"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Permission prompt inaccessible after asking for additional permissions"}]}]},"references":{"reference_data":[{"url":"https://www.mozilla.org/security/advisories/mfsa2021-03/","refsource":"MISC","name":"https://www.mozilla.org/security/advisories/mfsa2021-03/"},{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1680793","refsource":"MISC","name":"https://bugzilla.mozilla.org/show_bug.cgi?id=1680793"}]},"description":{"description_data":[{"lang":"eng","value":"When sharing geolocation during an active WebRTC share, Firefox could have reset the webRTC sharing state in the user interface, leading to loss of control over the currently granted permission. This vulnerability affects Firefox < 85."}]}},"nvd":{"publishedDate":"2021-02-26 03:15:00","lastModifiedDate":"2021-03-03 20:11:00","problem_types":["CWE-281"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE","baseScore":4.3,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.8,"impactScore":1.4},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":4.3},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","versionEndExcluding":"85.0","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"23963","Ordinal":"198719","Title":"CVE-2021-23963","CVE":"CVE-2021-23963","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"23963","Ordinal":"1","NoteData":"When sharing geolocation during an active WebRTC share, Firefox could have reset the webRTC sharing state in the user interface, leading to loss of control over the currently granted permission. This vulnerability affects Firefox < 85.","Type":"Description","Title":null},{"CveYear":"2021","CveId":"23963","Ordinal":"2","NoteData":"2021-02-25","Type":"Other","Title":"Published"},{"CveYear":"2021","CveId":"23963","Ordinal":"3","NoteData":"2021-02-25","Type":"Other","Title":"Modified"}]}}}