CVE-2021-38497
CVE-2021-38497
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS —EPSS 0.5%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
03 Nov 2021Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Through use of reportValidity() and window.open(), a plain-text validation message could have been overlaid on another origin, leading to possible user confusion and spoofing attacks. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →