MFSA2021-10 Firefox: Security Vulnerabilities fixed in Firefox 87 (CVE-2021-23986)
Severity:
CVSS:
Published:
Created:
Added:
Modified:
Description:
A malicious extension with the 'search' permission could have installed a new search engine whose favicon referenced a cross-origin URL. The response to this cross-origin request could have been read by the extension, allowing a same-origin policy bypass by the extension, which should not have cross-origin permissions. This cross-origin request was made without cookies, so the sensitive information disclosed by the violation was limited to local-network resources or resources that perform IP-based authentication.'
Solution(s)
- mozilla-firefox-upgrade-87_0
Reference(s)
OTHER SERVICES
Consulting Services
We help your team successfully protect your company within your budget.
LEARN MOREApplication Security Services
Achieve more-secure applications, compliant environments, and safer systems development with streamlined and repeatable processes.
LEARN MOREData Security Services
Protectyour critical data across multiple environments, meet privacy regulations and simplify operational complexity.
LEARN MORECloud Security Testing Services
Identify cloud vulnerabilities that tools alone cannot find.
LEARN MORESecurity Risk Services
Secure your operations and respond to threats with accuracy and speed.
LEARN MORECloud Security Monitoring Services
Real-time threat detection across your cloud deployments.
LEARN MORE