Description
Through a series of DOM manipulations, a message, over which the attacker had control of the text but not HTML or formatting, could be overlaid on top of another domain (with the new domain correctly shown in the address bar) resulting in possible user confusion. This vulnerability affects Firefox < 90.
References (3)
Core 3
Core References
Vendor Advisory x_refsource_misc
https://www.mozilla.org/security/advisories/mfsa2021-28/
Exploit, Issue Tracking, Vendor Advisory x_refsource_misc
https://bugzilla.mozilla.org/show_bug.cgi?id=1713259
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/202202-03
Scores
CVSS v3
6.5
EPSS
0.0026
EPSS Percentile
48.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Details
Status
published
Products (1)
mozilla/firefox
< 90.0
Published
Aug 05, 2021
Tracked Since
Feb 18, 2026