CVE-2021-38508 log
| Source |
|
| Severity | Medium |
| Remote | Yes |
| Type | Content spoofing |
| Description | A security issue has been found in Firefox before version 94 and Thunderbird before version 91.3. By displaying a form validity message in the correct location at the same time as a permission prompt (such as for geolocation), the validity message could have obscured the prompt, resulting in the user potentially being tricked into granting the permission. |
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-2518 | thunderbird | 91.2.1-1 | 91.3.0-1 | High | Fixed | |
| AVG-2511 | firefox | 93.0-1 | 94.0-1 | High | Fixed |
| Date | Advisory | Group | Package | Severity | Type |
|---|---|---|---|---|---|
| 05 Nov 2021 | ASA-202111-3 | AVG-2518 | thunderbird | High | multiple issues |
| 05 Nov 2021 | ASA-202111-2 | AVG-2511 | firefox | High | multiple issues |
| References |
|---|
https://www.mozilla.org/security/advisories/mfsa2021-48/ https://www.mozilla.org/security/advisories/mfsa2021-50/ https://bugzilla.mozilla.org/show_bug.cgi?id=1366818 |