CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
70.0%
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information, or execute arbitrary code. (CVE-2021-23981, CVE-2021-23982,
CVE-2021-23983, CVE-2021-23987, CVE-2021-23988)
It was discovered that extensions could open popup windows with control
of the window title in some circumstances. If a user were tricked into
installing a specially crafted extension, an attacker could potentially
exploit this to spook a website and trick the user into providing
credentials. (CVE-2021-23984)
It was discovered that the DevTools remote debugging feature could be
enabled without an indication to the user. If a local attacker could
modify the browser configuration, a remote attacker could potentially
exploit this to obtain sensitive information. (CVE-2021-23985)
It was discovered that extensions could read the response of cross
origin requests in some circumstances. If a user were tricked into
installing a specially crafted extension, an attacker could potentially
exploit this to obtain sensitive information. (CVE-2021-23986)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 20.10 | noarch | firefox | < 87.0+build3-0ubuntu0.20.10.1 | UNKNOWN |
Ubuntu | 20.10 | noarch | firefox-dbg | < 87.0+build3-0ubuntu0.20.10.1 | UNKNOWN |
Ubuntu | 20.10 | noarch | firefox-dev | < 87.0+build3-0ubuntu0.20.10.1 | UNKNOWN |
Ubuntu | 20.10 | noarch | firefox-geckodriver | < 87.0+build3-0ubuntu0.20.10.1 | UNKNOWN |
Ubuntu | 20.10 | noarch | firefox-locale-af | < 87.0+build3-0ubuntu0.20.10.1 | UNKNOWN |
Ubuntu | 20.10 | noarch | firefox-locale-an | < 87.0+build3-0ubuntu0.20.10.1 | UNKNOWN |
Ubuntu | 20.10 | noarch | firefox-locale-ar | < 87.0+build3-0ubuntu0.20.10.1 | UNKNOWN |
Ubuntu | 20.10 | noarch | firefox-locale-as | < 87.0+build3-0ubuntu0.20.10.1 | UNKNOWN |
Ubuntu | 20.10 | noarch | firefox-locale-ast | < 87.0+build3-0ubuntu0.20.10.1 | UNKNOWN |
Ubuntu | 20.10 | noarch | firefox-locale-az | < 87.0+build3-0ubuntu0.20.10.1 | UNKNOWN |
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
70.0%