← back
CVE-2021-38506

CVE-2021-38506

EPSS 1.5%
Through a series of navigations, Firefox could have entered fullscreen mode without notification or warning to the user. This could lead to spoofing attacks on the browser UI including phishing. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.
Affected products
Mozilla · FirefoxMozilla · Firefox ESRMozilla · Thunderbird

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://bugzilla.mozilla.org/show_bug.cgi?id=1730750https://lists.debian.org/debian-lts-announce/2021/12/msg00030.htmlhttps://lists.debian.org/debian-lts-announce/2022/01/msg00001.htmlhttps://security.gentoo.org/glsa/202202-03https://security.gentoo.org/glsa/202208-14https://www.debian.org/security/2021/dsa-5026https://www.debian.org/security/2022/dsa-5034https://www.mozilla.org/security/advisories/mfsa2021-48/https://www.mozilla.org/security/advisories/mfsa2021-49/https://www.mozilla.org/security/advisories/mfsa2021-50/