Lucene search
MozillaCVELIST:CVE-2021-43532HistoryDec 08, 2021 - 9:20 p.m.
CVE-2021-43532
2021-12-0821:20:53
mozilla
www.cve.org
The ‘Copy Image Link’ context menu action would copy the final image URL after redirects. By embedding an image that triggered authentication flows - in conjunction with a Content Security Policy that stopped a redirection chain in the middle - the final image URL could be one that contained an authentication token used to takeover a user account. If a website tricked a user into copy and pasting the image link back to the page, the page would be able to steal the authentication tokens. This was fixed by making the action return the original URL, before any redirects. This vulnerability affects Firefox < 94.
CNA Affected
[
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "94",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]Related
prion
prion
Authentication flaw
2021-12-08 22:15:00
Design/Logic Flaw
2021-12-08 22:15:00
cnvd
cnvd
Mozilla Firefox Input Validation Error Vulnerability (CNVD-2021-99624)
2021-12-12 00:00:00
ubuntucve
ubuntucve
CVE-2021-43532
2021-12-08 00:00:00
CVE-2021-43531
2021-12-08 00:00:00
debiancve
debiancve
CVE-2021-43532
2021-12-08 22:15:09
CVE-2021-43531
2021-12-08 22:15:09
cve
cve
CVE-2021-43532
2021-12-08 22:15:09
CVE-2021-43531
2021-12-08 22:15:09
veracode
veracode
Information Disclosure
2021-12-14 19:28:30
nvd
nvd
CVE-2021-43532
2021-12-08 22:15:09
CVE-2021-43531
2021-12-08 22:15:09
cvelist
cvelist
CVE-2021-43531
2021-12-08 21:20:58
openvas
openvas
Mozilla Firefox Security Advisories (MFSA2021-48, MFSA2021-49) - Windows
2022-03-28 00:00:00
Mozilla Firefox Security Advisories (MFSA2021-48, MFSA2021-49) - Mac OS X
2022-03-28 00:00:00
kaspersky
kaspersky
KLA12335 Multiple vulnerabilities in Mozilla Firefox
2021-11-02 00:00:00
mozilla
mozilla
Security Vulnerabilities fixed in Firefox 94 — Mozilla
2021-11-02 00:00:00