Rewterz Threat Advisory – Multiple Mozilla Thunderbird and Firefox Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2021-43538 

Mozilla Thunderbird could allow a remote attacker to conduct spoofing attacks, caused by missing fullscreen and pointer lock notification when requesting both. By misusing a race in our notification code, an attacker could exploit this vulnerability to spoof notification.

CVE-2021-43528 

Mozilla Thunderbird could allow a remote attacker to bypass security restrictions, caused by the unexpected enablement of JavaScript in the composition area. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to launch further attacks on the system.

CVE-2021-43546 

Mozilla Firefox could allow a remote attacker to conduct spoofing attacks, caused by an error when a native cursor is zoomed. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to conduct a cursor spoofing attack.

CVE-2021-43545 

Mozilla Firefox is vulnerable to a denial of service, caused by an error when using the Location API in a loop. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to cause the browser to crash.

CVE-2021-43544 

Mozilla Firefox for Android is vulnerable to cross-site scripting, caused by improper validation of user-supplied input when receiving a URL through a SEND intent. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.

CVE-2021-43543 

Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by the bypass of CSP sandbox directive when embedding By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to allow documents loaded with the CSP sandbox directive to escape.

CVE-2021-43542 

Mozilla Firefox could allow a remote attacker to obtain sensitive information, caused by an error when using XMLHttpRequest error codes. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to leak the existence of an external protocol handler.

CVE-2021-43539 

Mozilla Firefox is vulnerable to a denial of service, caused by a use-after-free when calling wasm instance methods. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to cause the browser to crash.

CVE-2021-43541 

Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by an error when invoking protocol handlers for external protocols. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to allow external protocol handler parameters to escape.

CVE-2021-43540 

Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by an error within WebExtensions with the correct permissions. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to create and install ServiceWorkers for third-party websites that would not have been uninstalled with the extension.

Impact

• Unauthorized Access
• Security Bypass
• Denial of Service
• Cross-Site Scripting
• Information Disclosure

Affected Vendors

Mozilla

Affected Products

• Mozilla Firefox 94
• Mozilla Firefox ESR 91.3
• Mozilla Thunderbird 91.3

Remediation

Refer to Mozilla Foundation Security Advisory for patch, upgrade or suggested workaround information.