CVE-2021-38497

Reference Links

• https://bugzilla.mozilla.org/show_bug.cgi?id=1726621
• https://www.mozilla.org/en-US/security/advisories/mfsa2021-47/
• https://www.mozilla.org/en-US/security/advisories/mfsa2021-43/
• https://www.mozilla.org/en-US/security/advisories/mfsa2021-45/
• https://www.mozilla.org/security/advisories/mfsa2021-43/
• https://www.mozilla.org/security/advisories/mfsa2021-45/
• https://www.mozilla.org/security/advisories/mfsa2021-47/

Parent vulnerabilities

(Appears in the following advisories)

• MFSA2021-47
• MFSA2021-45
• MFSA2021-43

Peer vulnerabilities

(Found alongside the following vulnerabilities)

• CVE-2021-38502
• CVE-2021-38496
• CVE-2021-38497
• CVE-2021-38498
• CVE-2021-32810
• CVE-2021-38500
• CVE-2021-38501
• CVE-2021-43535
• CVE-2021-38499

Frequently Asked Questions

• What vulnerability is described in CVE-2021-38497?

  CVE-2021-38497 describes a vulnerability in Firefox, Thunderbird, and Firefox ESR that allows for plain-text validation message overlay and possible user confusion and spoofing attacks.

• Which software versions are affected by CVE-2021-38497?

  Firefox versions before 93, Thunderbird versions before 91.2, and Firefox ESR versions before 91.2 are affected by CVE-2021-38497.

• What is the severity rating of CVE-2021-38497?

  The severity rating of CVE-2021-38497 is medium with a score of 6.5.

• How can I fix CVE-2021-38497?

  To fix CVE-2021-38497, update to Firefox version 93 or higher, Thunderbird version 91.2 or higher, or Firefox ESR version 91.2 or higher.

• Where can I find more information about CVE-2021-38497?

  More information about CVE-2021-38497 can be found at the following references: [Mozilla Bugzilla](https://bugzilla.mozilla.org/show_bug.cgi?id=1726621), [Mozilla Security Advisories](https://www.mozilla.org/en-US/security/advisories/mfsa2021-47/), [Mozilla Security Advisories](https://www.mozilla.org/security/advisories/mfsa2021-43/).