PRIOn knowledge basePRION:CVE-2021-38509

HistoryDec 08, 2021 - 10:15 p.m.

Code injection

2021-12-0822:15:00

PRIOn knowledge base

www.prio-n.com

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

5.5 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

50.1%

JSON

Due to an unusual sequence of attacker-controlled events, a Javascript alert() dialog with arbitrary (although unstyled) contents could be displayed over top an uncontrolled webpage of the attacker’s choosing. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.

CPENameOperatorVersion
debian_linuxeq9.0
debian_linuxeq10.0
debian_linuxeq11.0
firefoxlt94.0
firefox_esrlt91.3.0
thunderbirdlt91.3.0

Name	Operator	Version
debian_linux	eq	9.0
debian_linux	eq	10.0
debian_linux	eq	11.0
firefox	lt	94.0
firefox_esr	lt	91.3.0
thunderbird	lt	91.3.0

References

bugzilla.mozilla.org/show_bug.cgi?id=1718571

lists.debian.org/debian-lts-announce/2021/12/msg00030.html

lists.debian.org/debian-lts-announce/2022/01/msg00001.html

security.gentoo.org/glsa/202202-03

security.gentoo.org/glsa/202208-14

www.debian.org/security/2021/dsa-5026

www.debian.org/security/2022/dsa-5034

www.mozilla.org/security/advisories/mfsa2021-48/

www.mozilla.org/security/advisories/mfsa2021-49/

www.mozilla.org/security/advisories/mfsa2021-50/

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

5.5 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

50.1%

JSON

Related for PRION:CVE-2021-38509