Ubuntu.comUB:CVE-2021-43532CVE-2021-43532
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
Percentile
36.7%
The ‘Copy Image Link’ context menu action would copy the final image URL
after redirects. By embedding an image that triggered authentication flows
- in conjunction with a Content Security Policy that stopped a redirection
chain in the middle - the final image URL could be one that contained an
authentication token used to takeover a user account. If a website tricked
a user into copy and pasting the image link back to the page, the page
would be able to steal the authentication tokens. This was fixed by making
the action return the original URL, before any redirects. This
vulnerability affects Firefox < 94.
Notes
| Author | Note |
|---|---|
| tyhicks | mozjs contains a copy of the SpiderMonkey JavaScript engine |
References
bugzilla.mozilla.org/show_bug.cgi?id=1719203
launchpad.net/bugs/cve/CVE-2021-43532
nvd.nist.gov/vuln/detail/CVE-2021-43532
security-tracker.debian.org/tracker/CVE-2021-43532
www.cve.org/CVERecord?id=CVE-2021-43532
www.mozilla.org/en-US/security/advisories/mfsa2021-48/#CVE-2021-43532
www.mozilla.org/security/advisories/mfsa2021-48/
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
Percentile
36.7%