CVE-2021-23959
https://notcve.org/view.php?id=CVE-2021-23959
An XSS bug in internal error pages could have led to various spoofing attacks, including other error pages and the address bar. Note: This issue only affected Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox < 85.
• https://bugzilla.mozilla.org/show_bug.cgi?id=1659035
• https://www.mozilla.org/security/advisories/mfsa2021-03
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-23970
https://notcve.org/view.php?id=CVE-2021-23970
Context-specific code was included in a shared jump table, resulting in assertions being triggered in multithreaded wasm code. This vulnerability affects Firefox < 86.
• https://bugzilla.mozilla.org/show_bug.cgi?id=1681724
• https://security.gentoo.org/glsa/202104-10
• https://www.mozilla.org/security/advisories/mfsa2021-07
• CWE-617: Reachable Assertion
CVE-2021-23971
https://notcve.org/view.php?id=CVE-2021-23971
When processing a redirect with a conflicting Referrer-Policy, Firefox would have adopted the redirect's Referrer-Policy. This would have potentially resulted in more information than intended by the original origin being provided to the destination of the redirect. This vulnerability affects Firefox < 86.
• https://bugzilla.mozilla.org/show_bug.cgi?id=1678545
• https://security.gentoo.org/glsa/202104-10
• https://www.mozilla.org/security/advisories/mfsa2021-07
CVE-2021-23972
https://notcve.org/view.php?id=CVE-2021-23972
One phishing tactic on the web is to provide a link with HTTP Auth, for example 'https://www.phishingtarget.com@evil.com'. To mitigate this type of attack, Firefox will display a warning dialog; however, this warning dialog would not have been displayed if evil.com used a redirect that was cached by the browser. This vulnerability affects Firefox < 86.
• https://bugzilla.mozilla.org/show_bug.cgi?id=1683536
• https://security.gentoo.org/glsa/202104-10
• https://www.mozilla.org/security/advisories/mfsa2021-07
CVE-2021-23974
https://notcve.org/view.php?id=CVE-2021-23974
The DOMParser API did not properly process '<noscript>' elements for escaping. This could be used as an mXSS vector to bypass an HTML Sanitizer. This vulnerability affects Firefox < 86.
• https://bugzilla.mozilla.org/buglist.cgi?bug_id=1528997%2C1683627
• https://security.gentoo.org/glsa/202104-10
• https://www.mozilla.org/security/advisories/mfsa2021-07