Lucene search

PRIOn knowledge basePRION:CVE-2021-43546

HistoryDec 08, 2021 - 10:15 p.m.

Code injection

2021-12-0822:15:00

PRIOn knowledge base

www.prio-n.com

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

5.5 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

44.6%

JSON

It was possible to recreate previous cursor spoofing attacks against users with a zoomed native cursor. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.

CPENameOperatorVersion
debian_linuxeq9.0
debian_linuxeq10.0
debian_linuxeq11.0
firefoxlt95.0
firefox_esrlt91.4.0
thunderbirdlt91.4.0

Name	Operator	Version
debian_linux	eq	9.0
debian_linux	eq	10.0
debian_linux	eq	11.0
firefox	lt	95.0
firefox_esr	lt	91.4.0
thunderbird	lt	91.4.0

References

bugzilla.mozilla.org/show_bug.cgi?id=1737751

lists.debian.org/debian-lts-announce/2021/12/msg00030.html

lists.debian.org/debian-lts-announce/2022/01/msg00001.html

security.gentoo.org/glsa/202202-03

security.gentoo.org/glsa/202208-14

www.debian.org/security/2021/dsa-5026

www.debian.org/security/2022/dsa-5034

www.mozilla.org/security/advisories/mfsa2021-52/

www.mozilla.org/security/advisories/mfsa2021-53/

www.mozilla.org/security/advisories/mfsa2021-54/

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

5.5 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

44.6%

JSON

Related for PRION:CVE-2021-43546