Show plain JSON{"containers": {"cna": {"affected": [{"product": "Thunderbird", "vendor": "Mozilla", "versions": [{"lessThan": "91.4.0", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "Firefox ESR", "vendor": "Mozilla", "versions": [{"lessThan": "91.4.0", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "Firefox", "vendor": "Mozilla", "versions": [{"lessThan": "95", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "By misusing a race in our notification code, an attacker could have forcefully hidden the notification for pages that had received full screen and pointer lock access, which could have been used for spoofing attacks. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95."}], "problemTypes": [{"descriptions": [{"description": "Missing fullscreen and pointer lock notification when requesting both", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-08-10T05:10:41", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.mozilla.org/security/advisories/mfsa2021-53/"}, {"tags": ["x_refsource_MISC"], "url": "https://www.mozilla.org/security/advisories/mfsa2021-54/"}, {"tags": ["x_refsource_MISC"], "url": "https://www.mozilla.org/security/advisories/mfsa2021-52/"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1739091"}, {"name": "DSA-5026", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2021/dsa-5026"}, {"name": "[debian-lts-announce] 20211229 [SECURITY] [DLA 2863-1] firefox-esr security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00030.html"}, {"name": "DSA-5034", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2022/dsa-5034"}, {"name": "[debian-lts-announce] 20220104 [SECURITY] [DLA 2874-1] thunderbird security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00001.html"}, {"name": "GLSA-202202-03", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/202202-03"}, {"name": "GLSA-202208-14", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/202208-14"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@mozilla.org", "ID": "CVE-2021-43538", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Thunderbird", "version": {"version_data": [{"version_affected": "<", "version_value": "91.4.0"}]}}, {"product_name": "Firefox ESR", "version": {"version_data": [{"version_affected": "<", "version_value": "91.4.0"}]}}, {"product_name": "Firefox", "version": {"version_data": [{"version_affected": "<", "version_value": "95"}]}}]}, "vendor_name": "Mozilla"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "By misusing a race in our notification code, an attacker could have forcefully hidden the notification for pages that had received full screen and pointer lock access, which could have been used for spoofing attacks. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Missing fullscreen and pointer lock notification when requesting both"}]}]}, "references": {"reference_data": [{"name": "https://www.mozilla.org/security/advisories/mfsa2021-53/", "refsource": "MISC", "url": "https://www.mozilla.org/security/advisories/mfsa2021-53/"}, {"name": "https://www.mozilla.org/security/advisories/mfsa2021-54/", "refsource": "MISC", "url": "https://www.mozilla.org/security/advisories/mfsa2021-54/"}, {"name": "https://www.mozilla.org/security/advisories/mfsa2021-52/", "refsource": "MISC", "url": "https://www.mozilla.org/security/advisories/mfsa2021-52/"}, {"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1739091", "refsource": "MISC", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1739091"}, {"name": "DSA-5026", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2021/dsa-5026"}, {"name": "[debian-lts-announce] 20211229 [SECURITY] [DLA 2863-1] firefox-esr security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00030.html"}, {"name": "DSA-5034", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2022/dsa-5034"}, {"name": "[debian-lts-announce] 20220104 [SECURITY] [DLA 2874-1] thunderbird security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00001.html"}, {"name": "GLSA-202202-03", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202202-03"}, {"name": "GLSA-202208-14", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202208-14"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T04:03:07.658Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.mozilla.org/security/advisories/mfsa2021-53/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.mozilla.org/security/advisories/mfsa2021-54/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.mozilla.org/security/advisories/mfsa2021-52/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1739091"}, {"name": "DSA-5026", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2021/dsa-5026"}, {"name": "[debian-lts-announce] 20211229 [SECURITY] [DLA 2863-1] firefox-esr security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00030.html"}, {"name": "DSA-5034", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2022/dsa-5034"}, {"name": "[debian-lts-announce] 20220104 [SECURITY] [DLA 2874-1] thunderbird security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00001.html"}, {"name": "GLSA-202202-03", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/202202-03"}, {"name": "GLSA-202208-14", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/202208-14"}]}]}, "cveMetadata": {"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2021-43538", "datePublished": "2021-12-08T21:20:20", "dateReserved": "2021-11-08T00:00:00", "dateUpdated": "2024-08-04T04:03:07.658Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}