CVE-2021-23959

Published: 26 February 2021

An XSS bug in internal error pages could have led to various spoofing attacks, including other error pages and the address bar. Note: This issue only affected Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox < 85.

Priority

Medium

CVSS 3 base score: 6.1

Status

Package Release Status
firefox
Launchpad, Ubuntu, Debian
Upstream Not vulnerable
(debian: Only affects Firefox for Android)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(Android only)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(Android only)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(Android only)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

mozjs38
Launchpad, Ubuntu, Debian
Upstream Not vulnerable
(Android only)
Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(Android only)
Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

mozjs52
Launchpad, Ubuntu, Debian
Upstream Not vulnerable
(Android only)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(Android only)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(Android only)
Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

mozjs60
Launchpad, Ubuntu, Debian
Upstream Not vulnerable
(Android only)
Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

mozjs68
Launchpad, Ubuntu, Debian
Upstream Not vulnerable
(Android only)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(Android only)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

mozjs78
Launchpad, Ubuntu, Debian
Upstream Not vulnerable
(Android only)
Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

thunderbird
Launchpad, Ubuntu, Debian
Upstream Not vulnerable
(Android only)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(Android only)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(Android only)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(Android only)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist