CVE-2021-23957
https://notcve.org/view.php?id=CVE-2021-23957
Navigations through the Android-specific `intent` URL scheme could have been misused to escape the iframe sandbox. Note: This issue only affected Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox < 85.
• https://bugzilla.mozilla.org/show_bug.cgi?id=1584582
• https://www.mozilla.org/security/advisories/mfsa2021-03
CVE-2021-23959
https://notcve.org/view.php?id=CVE-2021-23959
An XSS bug in internal error pages could have led to various spoofing attacks, including spoofing of other error pages and the address bar. Note: This issue only affected Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox < 85.
• https://bugzilla.mozilla.org/show_bug.cgi?id=1659035
• https://www.mozilla.org/security/advisories/mfsa2021-03
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-23970
https://notcve.org/view.php?id=CVE-2021-23970
Context-specific code was included in a shared jump table, resulting in assertions being triggered in multithreaded wasm code. This vulnerability affects Firefox < 86.
• https://bugzilla.mozilla.org/show_bug.cgi?id=1681724
• https://security.gentoo.org/glsa/202104-10
• https://www.mozilla.org/security/advisories/mfsa2021-07
• CWE-617: Reachable Assertion
CVE-2021-23971
https://notcve.org/view.php?id=CVE-2021-23971
When processing a redirect with a conflicting Referrer-Policy, Firefox would have adopted the redirect's Referrer-Policy. This would have potentially resulted in more information than intended by the original origin being provided to the destination of the redirect. This vulnerability affects Firefox < 86.
• https://bugzilla.mozilla.org/show_bug.cgi?id=1678545
• https://security.gentoo.org/glsa/202104-10
• https://www.mozilla.org/security/advisories/mfsa2021-07
CVE-2021-23972
https://notcve.org/view.php?id=CVE-2021-23972
One phishing tactic on the web is to provide a link with HTTP Auth, for example 'https://www.phishingtarget.com@evil.com'. To mitigate this type of attack, Firefox will display a warning dialog; however, this warning dialog would not have been displayed if evil.com used a redirect that was cached by the browser. This vulnerability affects Firefox < 86.
• https://bugzilla.mozilla.org/show_bug.cgi?id=1683536
• https://security.gentoo.org/glsa/202104-10
• https://www.mozilla.org/security/advisories/mfsa2021-07