VDB
DEBIAN-CVE-2021-43538
DEBIAN-CVE-2021-43538
PUBLISHED
CVSS 4.300000190734863 MEDIUM
By misusing a race in our notification code, an attacker could have forcefully hidden the notification for pages that had received full screen and pointer lock access, which could have been used for spoofing attacks. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.
Risk Scores
CVSS 3.1
4.300000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:12 | firefox-esr | 0, 0, 0 |
| Debian:13 | thunderbird | 0, 0, 0 |
| Debian:11 | firefox-esr | 78.14.0esr-1~deb10u1, 91.4.0esr-1, 91.4.1esr-1~deb9u1 |
| Debian:12 | thunderbird | 0, 0, 0 |
| Debian:14 | thunderbird | 0, 0, 0 |
| Debian:14 | firefox-esr | 0, 0, 0 |
| Debian:11 | thunderbird | *, *, 0 |
| Debian:13 | firefox-esr | 0, 0, 0 |
Exploit Intelligence
- cve_test.go (github-poc)
- cve_test.go (github-poc)
Timeline
- Dec 8, 2021 CVE Published
- Apr 28, 2026 CVE Updated