Vulnerabilities > CVE-2021-23972 - Unspecified vulnerability in Mozilla Firefox
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
One phishing tactic on the web is to provide a link with HTTP Auth. For example 'https://[email protected]'. To mitigate this type of attack, Firefox will display a warning dialog; however, this warning dialog would not have been displayed if evil.com used a redirect that was cached by the browser. This vulnerability affects Firefox < 86.
Vulnerable Configurations
References
- https://bugzilla.mozilla.org/show_bug.cgi?id=1683536
- https://bugzilla.mozilla.org/show_bug.cgi?id=1683536
- https://security.gentoo.org/glsa/202104-10
- https://security.gentoo.org/glsa/202104-10
- https://www.mozilla.org/security/advisories/mfsa2021-07/
- https://www.mozilla.org/security/advisories/mfsa2021-07/