First published: Tue Jan 26 2021
Further techniques that built on the slipstream research, combined with a malicious webpage, could have exposed both an internal network's hosts and services running on the user's local machine.
Credit: security@mozilla.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| | <85 | 85 |
| Mozilla Firefox | <85.0 | |
| Debian Debian Linux | =9.0 | |
| Debian Debian Linux | =10.0 | |
| Mozilla Thunderbird | <78.10 | 78.10 |
| | <78.10 | 78.10 |
| | <78.10 | 78.10 |
| debian/firefox | 118.0.2-1 | |
| debian/firefox-esr | 91.12.0esr-1~deb10u1 115.3.1esr-1~deb10u1 102.15.0esr-1~deb11u1 115.3.1esr-1~deb11u1 102.15.1esr-1~deb12u1 115.3.0esr-1~deb12u1 115.3.0esr-1 | |
| debian/thunderbird | 1:91.12.0-1~deb10u1 1:115.3.1-1~deb10u1 1:102.13.1-1~deb11u1 1:115.3.1-1~deb11u1 1:102.15.1-1~deb12u1 1:115.3.1-1~deb12u1 1:115.3.1-1 | |
CVE-2021-23961 refers to a vulnerability that could expose both an internal network's hosts and services running on the user's local machine.
Mozilla Thunderbird (up to version 78.10), Mozilla Firefox (up to version 85), and Mozilla Firefox ESR (up to version 78.10) are affected by CVE-2021-23961.
CVE-2021-23961 has a severity level of medium.
Ensure that you have updated Mozilla Thunderbird, Mozilla Firefox, and Mozilla Firefox ESR to the latest versions available, as specified in the remedy section.
For more information about CVE-2021-23961, see [Bugzilla bug 1677940](https://bugzilla.mozilla.org/show_bug.cgi?id=1677940) and the Mozilla Security Advisories [mfsa2021-14](https://www.mozilla.org/en-US/security/advisories/mfsa2021-14/) and [mfsa2021-03](https://www.mozilla.org/en-US/security/advisories/mfsa2021-03/).