Lucene search
PRIOn knowledge basePRION:CVE-2021-23986HistoryMar 31, 2021 - 2:15 p.m.
Design/Logic Flaw
2021-03-3114:15:00
PRIOn knowledge base
www.prio-n.com
6
A malicious extension with the ‘search’ permission could have installed a new search engine whose favicon referenced a cross-origin URL. The response to this cross-origin request could have been read by the extension, allowing a same-origin policy bypass by the extension, which should not have cross-origin permissions. This cross-origin request was made without cookies, so the sensitive information disclosed by the violation was limited to local-network resources or resources that perform IP-based authentication. This vulnerability affects Firefox < 87.
Related
alpinelinux
alpinelinux
CVE-2021-23986
2021-03-31 14:15:19
ubuntucve
ubuntucve
CVE-2021-23986
2021-03-25 00:00:00
debiancve
debiancve
CVE-2021-23986
2021-03-31 14:15:19
veracode
veracode
Same-Origin Policy Bypass
2021-03-25 01:22:43
nvd
nvd
CVE-2021-23986
2021-03-31 14:15:19
cve
cve
CVE-2021-23986
2021-03-31 14:15:19
cvelist
cvelist
CVE-2021-23986
2021-03-31 13:41:04
nessus
nessus
Mozilla Firefox < 87.0
2021-03-23 00:00:00
Mozilla Firefox < 87.0
2021-03-23 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-4893-1)
2021-03-26 00:00:00
Mozilla Firefox Security Advisory (MFSA2021-10) - Linux
2021-11-08 00:00:00
Mozilla Firefox Security Advisory (MFSA2021-10) - Mac OS X
2021-03-26 00:00:00
ubuntu
ubuntu
Firefox vulnerabilities
2021-03-25 00:00:00
osv
osv
firefox vulnerabilities
2021-03-25 22:36:31
kaspersky
kaspersky
KLA12127 Multiple vulnerabilities in Mozilla Firefox
2021-03-23 00:00:00
mozilla
mozilla
Security Vulnerabilities fixed in Firefox 87 — Mozilla
2021-03-23 00:00:00
gentoo
gentoo
Mozilla Firefox: Multiple vulnerabilities
2021-04-30 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1835
2021-07-02 16:43:38