4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
0.001 Low
EPSS
Percentile
51.2%
Through a series of navigations, Firefox could have entered fullscreen mode
without notification or warning to the user. This could lead to spoofing
attacks on the browser UI including phishing. This vulnerability affects
Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.
Author | Note |
---|---|
tyhicks | mozjs contains a copy of the SpiderMonkey JavaScript engine |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | firefox | < 94.0+build3-0ubuntu0.18.04.1 | UNKNOWN |
ubuntu | 20.04 | noarch | firefox | < 94.0+build3-0ubuntu0.20.04.1 | UNKNOWN |
ubuntu | 21.04 | noarch | firefox | < 94.0+build3-0ubuntu0.21.04.1 | UNKNOWN |
ubuntu | 21.10 | noarch | firefox | < 94.0+build3-0ubuntu0.21.10.1 | UNKNOWN |
ubuntu | 22.04 | noarch | firefox | < 94.0+build3-0ubuntu1 | UNKNOWN |
ubuntu | 22.10 | noarch | firefox | < 94.0+build3-0ubuntu1 | UNKNOWN |
ubuntu | 23.04 | noarch | firefox | < 94.0+build3-0ubuntu1 | UNKNOWN |
ubuntu | 23.10 | noarch | firefox | < 94.0+build3-0ubuntu1 | UNKNOWN |
ubuntu | 24.04 | noarch | firefox | < 94.0+build3-0ubuntu1 | UNKNOWN |
ubuntu | 18.04 | noarch | mozjs38 | < any | UNKNOWN |
launchpad.net/bugs/cve/CVE-2021-38506
nvd.nist.gov/vuln/detail/CVE-2021-38506
security-tracker.debian.org/tracker/CVE-2021-38506
ubuntu.com/security/notices/USN-5131-1
ubuntu.com/security/notices/USN-5152-1
ubuntu.com/security/notices/USN-5248-1
www.cve.org/CVERecord?id=CVE-2021-38506
www.mozilla.org/en-US/security/advisories/mfsa2021-48/#CVE-2021-38506
www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38506
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
0.001 Low
EPSS
Percentile
51.2%