Lucene search
MozillaCVELIST:CVE-2021-23986HistoryMar 31, 2021 - 1:41 p.m.
CVE-2021-23986
2021-03-3113:41:04
mozilla
www.cve.org
A malicious extension with the ‘search’ permission could have installed a new search engine whose favicon referenced a cross-origin URL. The response to this cross-origin request could have been read by the extension, allowing a same-origin policy bypass by the extension, which should not have cross-origin permissions. This cross-origin request was made without cookies, so the sensitive information disclosed by the violation was limited to local-network resources or resources that perform IP-based authentication. This vulnerability affects Firefox < 87.
CNA Affected
[
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "87",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]Related
ubuntucve
ubuntucve
CVE-2021-23986
2021-03-25 00:00:00
debiancve
debiancve
CVE-2021-23986
2021-03-31 14:15:19
veracode
veracode
Same-Origin Policy Bypass
2021-03-25 01:22:43
nvd
nvd
CVE-2021-23986
2021-03-31 14:15:19
cve
cve
CVE-2021-23986
2021-03-31 14:15:19
prion
prion
Design/Logic Flaw
2021-03-31 14:15:00
alpinelinux
alpinelinux
CVE-2021-23986
2021-03-31 14:15:19
nessus
nessus
Mozilla Firefox < 87.0
2021-03-23 00:00:00
Mozilla Firefox < 87.0
2021-03-23 00:00:00
osv
osv
firefox vulnerabilities
2021-03-25 22:36:31
openvas
openvas
Mozilla Firefox Security Advisory (MFSA2021-10) - Linux
2021-11-08 00:00:00
Ubuntu: Security Advisory (USN-4893-1)
2021-03-26 00:00:00
Mozilla Firefox Security Advisory (MFSA2021-10) - Windows
2021-03-26 00:00:00
ubuntu
ubuntu
Firefox vulnerabilities
2021-03-25 00:00:00
mozilla
mozilla
Security Vulnerabilities fixed in Firefox 87 — Mozilla
2021-03-23 00:00:00
kaspersky
kaspersky
KLA12127 Multiple vulnerabilities in Mozilla Firefox
2021-03-23 00:00:00
gentoo
gentoo
Mozilla Firefox: Multiple vulnerabilities
2021-04-30 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1835
2021-07-02 16:43:38