CVE-2021-43540

Type:

Unavailable / Other

Severity:

Medium

Publication date:

12/08/2021

Last modified:

03/16/2022

Description

WebExtensions with the correct permissions were able to create and install ServiceWorkers for third-party websites that would not have been uninstalled with the extension. This vulnerability affects Firefox

Impact

Access Vector: Through network

Access Complexity: Media

Authentication: Not required to exploit

Impact Type: Partially affects on system integrity + No impact on system confidentiality + No impact on system availability

Vulnerable software and versions

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*

To consult the complete list of products and versions see this page

References to Advisories, Solutions, and Tools

https://www.mozilla.org/security/advisories/mfsa2021-52/ (Source: MISC)
https://bugzilla.mozilla.org/show_bug.cgi?id=1636629 (Source: MISC)
GLSA-202202-03 (Source: GENTOO)

Explanation of fields

Corporate access

CVE-2021-43540