Vulnerability CVE-2021-38506: Information

Description

Through a series of navigations, Firefox could have entered fullscreen mode without notification or warning to the user. This could lead to spoofing attacks on the browser UI including phishing. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.

Severity: MEDIUM (4.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

URL: https://nvd.nist.gov/vuln/detail/CVE-2021-38506

Published: Dec. 9, 2021

Modified: Dec. 9, 2022

Error type identifier: CWE-1021

Fixed packages

Package name	Branch	Fixed in version	Version from repository	Errata ID	Task #	State
firefox	sisyphus	94.0-alt1	127.0-alt1	ALT-PU-2021-3215-1	288748	Fixed
firefox	p10	94.0-alt1	118.0.2-alt0.p10.1	ALT-PU-2021-3391-1	288832	Fixed
firefox	p9	105.0.1-alt0.c9.1	105.0.1-alt0.c9.1	ALT-PU-2023-4339-1	319683	Fixed
firefox	c10f1	94.0-alt1	112.0.2-alt0.p10.1	ALT-PU-2021-3391-1	288832	Fixed
firefox	c9f2	105.0.1-alt0.c9.1	105.0.1-alt0.c9.1	ALT-PU-2023-1139-1	309126	Fixed
firefox	p11	94.0-alt1	126.0.1-alt1	ALT-PU-2021-3215-1	288748	Fixed
firefox-esr	sisyphus	91.3.0-alt1	115.11.0-alt1	ALT-PU-2021-3214-1	288740	Fixed
firefox-esr	p10	91.3.0-alt1	115.11.0-alt1	ALT-PU-2021-3243-1	288753	Fixed
firefox-esr	p9	91.7.0-alt0.p9.1	102.11.0-alt0.c9.1	ALT-PU-2022-1781-1	288073	Fixed
firefox-esr	c10f1	91.3.0-alt1	115.9.1-alt0.c10.1	ALT-PU-2021-3243-1	288753	Fixed
firefox-esr	c9f2	91.3.0-alt1.c9.1	102.12.0-alt0.c9.1	ALT-PU-2021-3369-1	288792	Fixed
firefox-esr	p11	91.3.0-alt1	115.11.0-alt1	ALT-PU-2021-3214-1	288740	Fixed
thunderbird	sisyphus	91.3.0-alt1	115.9.0-alt1	ALT-PU-2021-3226-1	288817	Fixed
thunderbird	p10	91.3.0-alt1	115.9.0-alt1	ALT-PU-2021-3259-1	288818	Fixed
thunderbird	p9	91.6.0-alt0.p9.1	102.11.0-alt0.c9.1	ALT-PU-2022-1783-1	288073	Fixed
thunderbird	c10f1	91.3.0-alt1	115.9.0-alt0.c10.1	ALT-PU-2021-3259-1	288818	Fixed
thunderbird	c9f2	91.3.0-alt0.c9.1	102.11.0-alt0.c9.1	ALT-PU-2021-3370-1	288792	Fixed
thunderbird	p11	91.3.0-alt1	115.9.0-alt1	ALT-PU-2021-3226-1	288817	Fixed

References to Advisories, Solutions, and Tools

Hyperlink	Resource
https://www.mozilla.org/security/advisories/mfsa2021-50/	Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=1730750	Issue Tracking Permissions Required Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2021-49/	Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2021-48/	Vendor Advisory
DSA-5026	Third Party Advisory
[debian-lts-announce] 20211229 [SECURITY] [DLA 2863-1] firefox-esr security update	Mailing List Third Party Advisory
DSA-5034	Third Party Advisory
[debian-lts-announce] 20220104 [SECURITY] [DLA 2874-1] thunderbird security update	Mailing List Third Party Advisory
GLSA-202202-03	Third Party Advisory
GLSA-202208-14	Third Party Advisory

Affected configurations:
1. Configuration 1
  cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
  End excliding
  91.3.0
  cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
  End excliding
  91.3.0
  cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
  End excliding
  94.0
  
  Configuration 2
  cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
  cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
  cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

Version: v24.5.3

Vulnerability CVE-2021-38506: Information

Description

Fixed packages

References to Advisories, Solutions, and Tools

Configuration 1

Configuration 2