CVE-2021-43546
Mozilla: Cursor spoofing could overlay user interface when native cursor is zoomed
Severity Score
Exploit Likelihood
Affected Versions
6Public Exploits
0Exploited in Wild
-Decision
Descriptions
It was possible to recreate previous cursor spoofing attacks against users with a zoomed native cursor. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.
Se han podido recrear ataques anteriores de suplantaciĆ³n del cursor contra usuarios con un cursor nativo ampliado. Esta vulnerabilidad afecta a Thunderbird versiones anteriores a 91.4.0, Firefox ESR versiones anteriores a 91.4.0 y Firefox versiones anteriores a 95
Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, conduct spoofing attacks, bypass CSP restrictions, or execute arbitrary code. A security issue was discovered with the handling of WebExtension permissions. If a user were tricked into installing a specially crafted extension, an attacker could potentially exploit this to create and install a service worker that wouldn't be uninstalled with the extension. Various other issues were also addressed.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-11-08 CVE Reserved
- 2021-12-08 CVE Published
- 2024-08-04 CVE Updated
- 2025-04-10 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-1021: Improper Restriction of Rendered UI Layers or Frames
CAPEC
References (12)
| URL | Tag | Source |
|---|---|---|
| https://lists.debian.org/debian-lts-announce/2021/1... | Mailing List |
|
| https://lists.debian.org/debian-lts-announce/2022/0... | Mailing List |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://bugzilla.mozilla.org/show_bug.cgi?id=1737751 | 2022-12-09 | |
| https://security.gentoo.org/glsa/202202-03 | 2022-12-09 | |
| https://security.gentoo.org/glsa/202208-14 | 2022-12-09 | |
| https://www.debian.org/security/2021/dsa-5026 | 2022-12-09 | |
| https://www.debian.org/security/2022/dsa-5034 | 2022-12-09 | |
| https://www.mozilla.org/security/advisories/mfsa2021-52 | 2022-12-09 | |
| https://www.mozilla.org/security/advisories/mfsa2021-53 | 2022-12-09 | |
| https://www.mozilla.org/security/advisories/mfsa2021-54 | 2022-12-09 | |
| https://access.redhat.com/security/cve/CVE-2021-43546 | 2021-12-09 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2030115 | 2021-12-09 |