CVE-2021-23973

Details

When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may have revealed information about the resource. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.

Affected Packages

Firefox

Ubuntu 14.04 LTSUbuntu 16.04 LTSUbuntu 18.04 LTSUbuntu 20.04 LTSUbuntu 22.04 LTS

Fixed in:

86

Mozilla Firefox

Windows 10 (1507)Windows 10 (1607) / Server 2016Windows 10 (1809) / Server 2019Windows 10 (1903)Windows 10 (1909)

Fixed in:

86

Mozilla Firefox ESR

Windows 10 (1507)Windows 10 (1607) / Server 2016Windows 10 (1809) / Server 2019Windows 10 (1903)Windows 10 (1909)

Fixed in:

78.8

Firefox ESR

macOS 14macOS 15macOS 26

Fixed in:

78.8

References

WEBhttps://bugzilla.mozilla.org/show_bug.cgi?id=1690976 WEBhttps://lists.debian.org/debian-lts-announce/2021/03/msg00000.html ADVISORYhttps://security.gentoo.org/glsa/202104-09 ADVISORYhttps://security.gentoo.org/glsa/202104-10 ADVISORYhttps://www.cve.org/CVERecord?id=CVE-2021-23973 ADVISORYhttps://www.debian.org/security/2021/dsa-4866 WEBhttps://www.mozilla.org/security/advisories/mfsa2021-07/WEBhttps://www.mozilla.org/security/advisories/mfsa2021-08/WEBhttps://www.mozilla.org/security/advisories/mfsa2021-09/

CVE-2021-23973

Details

Affected Packages

References

CVSS Analysis

Ecosystems(28)

Timeline