CVE-2021-43538
4.3
MEDIUM
CVSS 3.1
EPSS 0.27%
Description
By misusing a race in our notification code, an attacker could have forcefully hidden the notification for pages that had received full screen and pointer lock access, which could have been used for spoofing attacks. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.
How to fix CVE-2021-43538
To remediate CVE-2021-43538, upgrade the affected package to a fixed version below.
- Debian/firefox-esr—upgrade to 91.4.1esr-1~deb11u1 or later
- —upgrade to 1:91.4.1-1~deb11u1 or later
Is CVE-2021-43538 being exploited?
Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 91.4.1esr-1~deb11u1
- from 0, < 1:91.4.1-1~deb11u1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM4.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N |