CVE-2021-23963
First published: Tue Jan 26 2021(Updated: )
When sharing geolocation during an active WebRTC share, Firefox could have reset the webRTC sharing state in the user interface, leading to loss of control over the currently granted permission
Credit: security@mozilla.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Firefox | <85 | 85 |
| Firefox | <85.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Peer vulnerabilities
(Found alongside the following vulnerabilities)
Frequently Asked Questions
What is the severity of CVE-2021-23963?
CVE-2021-23963 has been classified as a medium severity vulnerability.
How do I fix CVE-2021-23963?
To fix CVE-2021-23963, users should update Mozilla Firefox to version 86 or later.
What impact does CVE-2021-23963 have on WebRTC sharing in Firefox?
CVE-2021-23963 can lead to users losing control over geolocation permissions during active WebRTC sharing.
In which versions of Firefox does CVE-2021-23963 exist?
CVE-2021-23963 affects Firefox versions prior to 86.
Can CVE-2021-23963 be exploited remotely?
Yes, CVE-2021-23963 can be exploited remotely if a user is tricked into sharing their geolocation.
- agent/type
- agent/first-publish-date
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- collector/mozilla-advisory
- agent/software-canonical-lookup-request
- source/Mozilla
- agent/software-canonical-lookup
- collector/nvd-index
- vendor/mozilla
- canonical/firefox