---

CVE-2021-23984 - log back

CVE-2021-23984 edited at 23 Mar 2021 14:06:32
Description	- A security issue was found in Firefox before version 87. A malicious extension could have opened a popup window lacking an address bar. The title of the popup lacking an address bar should not be fully controllable, but in this situation was. This could have been used to spoof a website and attempt to trick the user into providing credentials. + A security issue was found in Firefox before version 87 and Thunderbird before version 78.9. A malicious extension could have opened a popup window lacking an address bar. The title of the popup lacking an address bar should not be fully controllable, but in this situation was. This could have been used to spoof a website and attempt to trick the user into providing credentials.
References	https://www.mozilla.org/en-US/security/advisories/mfsa2021-10/#CVE-2021-23984 + https://www.mozilla.org/en-US/security/advisories/mfsa2021-12/#CVE-2021-23984 https://bugzilla.mozilla.org/show_bug.cgi?id=1693664

CVE-2021-23984 edited at 23 Mar 2021 13:58:37
Severity	- Unknown + Medium
Remote	- Unknown + Remote
Type	- Unknown + Content spoofing
Description	+ A security issue was found in Firefox before version 87. A malicious extension could have opened a popup window lacking an address bar. The title of the popup lacking an address bar should not be fully controllable, but in this situation was. This could have been used to spoof a website and attempt to trick the user into providing credentials.
References	+ https://www.mozilla.org/en-US/security/advisories/mfsa2021-10/#CVE-2021-23984 + https://bugzilla.mozilla.org/show_bug.cgi?id=1693664
Notes

CVE-2021-23984 created at 23 Mar 2021 13:53:51