CVE-2021-38506

MEDIUM

Firefox < 94.0 - UI Spoofing via Fullscreen Mode Navigation

Title source: llm

Description

Through a series of navigations, Firefox could have entered fullscreen mode without notification or warning to the user. This could lead to spoofing attacks on the browser UI including phishing. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.

References (10)

Core References
Issue Tracking, Permissions Required, Vendor Advisory x_refsource_misc
https://bugzilla.mozilla.org/show_bug.cgi?id=1730750
Third Party Advisory vendor-advisory x_refsource_debian
https://www.debian.org/security/2021/dsa-5026
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2021/12/msg00030.html
Third Party Advisory vendor-advisory x_refsource_debian
https://www.debian.org/security/2022/dsa-5034
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2022/01/msg00001.html
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/202202-03
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/202208-14

Scores

CVSS v3 4.3
EPSS 0.0146
EPSS Percentile 70.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Details

CWE
CWE-1021
Status published
Products (6)
debian/debian_linux 9.0
debian/debian_linux 10.0
debian/debian_linux 11.0
mozilla/firefox < 94.0
mozilla/firefox_esr < 91.3.0
mozilla/thunderbird < 91.3.0
Published Dec 08, 2021
Tracked Since Feb 18, 2026