CVE-2021-43538

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-43538

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-43538.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2021-43538

Downstream

DEBIAN-CVE-2021-43538

DLA-2863-1

DLA-2874-1

DSA-5026-1

DSA-5034-1

OESA-2023-1673

OESA-2023-1674

RHSA-2021:5013

RHSA-2021:5014

RHSA-2021:5015

RHSA-2021:5016

RHSA-2021:5017

RHSA-2021:5045

RHSA-2021:5046

RHSA-2021:5047

RHSA-2021:5048

RHSA-2021:5055

SUSE-SU-2021:14859-1

SUSE-SU-2021:3993-1

SUSE-SU-2021:3995-1

SUSE-SU-2021:4000-1

SUSE-SU-2021:4150-1

UBUNTU-CVE-2021-43538

USN-5186-1

USN-5248-1

openSUSE-SU-2021:1575-1

openSUSE-SU-2021:1635-1

openSUSE-SU-2021:3993-1

openSUSE-SU-2021:4150-1

openSUSE-SU-2024:11669-1

openSUSE-SU-2024:11670-1

openSUSE-SU-2024:14572-1

Related

Published

2021-12-08T22:15:09Z

Modified

2025-08-09T20:01:26Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVSS Calculator

Summary

[none]

Details

By misusing a race in our notification code, an attacker could have forcefully hidden the notification for pages that had received full screen and pointer lock access, which could have been used for spoofing attacks. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.

References

Affected packages