By misusing a race in our notification code, an attacker could have forcefully hidden the notification for pages that had received full screen and pointer lock access, which could have been used for spoofing attacks. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.

CPENameOperatorVersion
debian_linuxeq9.0
debian_linuxeq10.0
debian_linuxeq11.0
firefoxlt95.0
firefox_esrlt91.4.0
thunderbirdlt91.4.0

Name	Operator	Version
debian_linux	eq	9.0
debian_linux	eq	10.0
debian_linux	eq	11.0
firefox	lt	95.0
firefox_esr	lt	91.4.0
thunderbird	lt	91.4.0

References

bugzilla.mozilla.org/show_bug.cgi?id=1739091

lists.debian.org/debian-lts-announce/2021/12/msg00030.html

lists.debian.org/debian-lts-announce/2022/01/msg00001.html

security.gentoo.org/glsa/202202-03

security.gentoo.org/glsa/202208-14

www.debian.org/security/2021/dsa-5026

www.debian.org/security/2022/dsa-5034

www.mozilla.org/security/advisories/mfsa2021-52/

www.mozilla.org/security/advisories/mfsa2021-53/

www.mozilla.org/security/advisories/mfsa2021-54/

alpinelinux 1

cnvd 1

veracode 1

redhatcve 1

ubuntucve 1

nvd 1

cvelist 1

cve 1

debiancve 1

suse 4

nessus 46

openvas 26

oraclelinux 4

ubuntu 4

centos 1

rocky 2

redhat 10

archlinux 2

almalinux 2

altlinux 2

osv 11

mozilla 3

mageia 2

kaspersky 3

debian 4

ibm 2

gentoo 2

alpinelinux

CVE-2021-43538

2021-12-08 22:15:09

cnvd

Mozilla Firefox conditional competition issue vulnerability

2021-12-12 00:00:00

veracode

Spoofing Attack

2021-12-10 07:36:32

redhatcve

CVE-2021-43538

2021-12-08 02:49:43

ubuntucve

CVE-2021-43538

2021-12-08 00:00:00

nvd

CVE-2021-43538

2021-12-08 22:15:09

cvelist

CVE-2021-43538

2021-12-08 21:20:20

cve

CVE-2021-43538

2021-12-08 22:15:09

debiancve

CVE-2021-43538

2021-12-08 22:15:09

suse

Security update for MozillaFirefox (important)

2021-12-10 00:00:00

Security update for MozillaFirefox (important)

2021-12-12 00:00:00

Security update for MozillaThunderbird (important)

2021-12-29 00:00:00

nessus

SUSE SLES11 Security Update : MozillaFirefox (SUSE-SU-2021:14859-1)

2021-12-11 00:00:00

openSUSE 15 Security Update : MozillaFirefox (openSUSE-SU-2021:1575-1)

2021-12-17 00:00:00

Scientific Linux Security Update : firefox on SL7.x i686/x86_64 (2021:5014)

2021-12-08 00:00:00

openvas

SUSE: Security Advisory (SUSE-SU-2021:4000-1)

2021-12-13 00:00:00

Mozilla Firefox ESR Security Advisory (MFSA2021-53) - Mac OS X

2021-12-12 00:00:00

CentOS: Security Advisory for firefox (CESA-2021:5014)

2022-01-11 00:00:00

oraclelinux

firefox security update

2021-12-08 00:00:00

firefox security update

2021-12-09 00:00:00

thunderbird security update

2021-12-10 00:00:00

ubuntu

Firefox regressions

2021-12-20 00:00:00

Firefox vulnerabilities

2021-12-09 00:00:00

Thunderbird vulnerabilities

2022-01-21 00:00:00

centos

firefox security update

2021-12-14 00:04:22

rocky

firefox security update

2021-12-08 09:42:58

thunderbird security update

2021-12-09 12:14:59

redhat

(RHSA-2021:5014) Important: firefox security update

2021-12-08 09:42:59

(RHSA-2021:5017) Important: firefox security update

2021-12-08 09:44:27

(RHSA-2021:5013) Important: firefox security update

2021-12-08 09:42:58

archlinux

[ASA-202112-9] thunderbird: multiple issues

2021-12-11 00:00:00

[ASA-202112-8] firefox: multiple issues

2021-12-11 00:00:00

almalinux

Important: firefox security update

2021-12-08 09:42:58

Important: thunderbird security update

2021-12-09 12:14:59

altlinux

Security fix for the ALT Linux 10 package firefox-esr version 91.4.0-alt1

2021-12-14 00:00:00

Security fix for the ALT Linux 10 package thunderbird version 91.4.0-alt1

2021-12-21 00:00:00

osv

Important: firefox security update

2021-12-08 09:42:58

firefox vulnerabilities

2021-12-09 18:55:33

firefox regressions

2021-12-20 22:35:44

mozilla

Security Vulnerabilities fixed in Firefox ESR 91.4.0 — Mozilla

2021-12-07 00:00:00

Security Vulnerabilities fixed in Thunderbird 91.4.0 — Mozilla

2021-12-07 00:00:00

Security Vulnerabilities fixed in Firefox 95 — Mozilla

2021-12-07 00:00:00

mageia

Updated firefox packages fix security vulnerability

2021-12-11 01:19:07

Updated thunderbird packages fix security vulnerability

2021-12-11 01:19:07

kaspersky

KLA12375 Multiple vulnerabilities in Mozilla Firefox ESR

2021-12-07 00:00:00

KLA12376 Multiple vulnerabilities in Mozilla Thunderbird

2021-12-07 00:00:00

KLA12374 Multiple vulnerabilities in Mozilla Firefox

2021-12-07 00:00:00

debian

[SECURITY] [DLA 2863-1] firefox-esr security update

2021-12-29 14:08:44

[SECURITY] [DSA 5026-1] firefox-esr security update

2021-12-19 15:23:09

[SECURITY] [DSA 5034-1] thunderbird security update

2022-01-02 17:01:50

ibm

Security Bulletin: Multiple vulnerabilities of Mozilla Firefox (less than Firefox 91.8.0ESR) have affected Synthetic Playback Agent 8.1.4.0-8.1.4 IF16 - 2022.4.0

2022-04-29 04:43:11

Security Bulletin: Multiple vulnerabilities in Mozilla Firefox affect IBM Cloud Pak for Multicloud Management Monitoring.

2023-01-31 14:47:39

gentoo

Mozilla Firefox: Multiple vulnerabilities

2022-02-21 00:00:00

Mozilla Thunderbird: Multiple Vulnerabilities

2022-08-10 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

5.8 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

53.5%

JSON

Related for PRION:CVE-2021-43538