SecuritySpace - CVE-2021-23986

Vulnerability Search		Search 324607 CVE descriptions and 146377 test descriptions, access 10,000+ cross references.
	Tests CVE All

CVE ID: CVE-2021-23986

Description: A malicious extension with the 'search' permission could have installed a new search engine whose favicon referenced a cross-origin URL. The response to this cross-origin request could have been read by the extension, allowing a same-origin policy bypass by the extension, which should not have cross-origin permissions. This cross-origin request was made without cookies, so the sensitive information disclosed by the violation was limited to local-network resources or resources that perform IP-based authentication. This vulnerability affects Firefox < 87.

Test IDs: None available

Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2021-23986
https://bugzilla.mozilla.org/show_bug.cgi?id=1692623
https://bugzilla.mozilla.org/show_bug.cgi?id=1692623
https://www.mozilla.org/security/advisories/mfsa2021-10/
https://www.mozilla.org/security/advisories/mfsa2021-10/

CVE ID:	CVE-2021-23986
Description:	A malicious extension with the 'search' permission could have installed a new search engine whose favicon referenced a cross-origin URL. The response to this cross-origin request could have been read by the extension, allowing a same-origin policy bypass by the extension, which should not have cross-origin permissions. This cross-origin request was made without cookies, so the sensitive information disclosed by the violation was limited to local-network resources or resources that perform IP-based authentication. This vulnerability affects Firefox < 87.
Test IDs:	None available
Cross References:	Common Vulnerability Exposure (CVE) ID: CVE-2021-23986 https://bugzilla.mozilla.org/show_bug.cgi?id=1692623 https://bugzilla.mozilla.org/show_bug.cgi?id=1692623 https://www.mozilla.org/security/advisories/mfsa2021-10/ https://www.mozilla.org/security/advisories/mfsa2021-10/