Bug 2030109 (CVE-2021-43538) - CVE-2021-43538 Mozilla: Missing fullscreen and pointer lock notification when requesting both
Summary: CVE-2021-43538 Mozilla: Missing fullscreen and pointer lock notification when...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2021-43538
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2029262 2029263 2029264 2029265 2029266 2029267 2029268 2029274 2029735 2029736 2029737 2029738 2029739 2029740
Blocks: 2029260
TreeView+ depends on / blocked
 
Reported: 2021-12-08 02:35 UTC by Doran Moppert
Modified: 2022-05-25 07:43 UTC (History)
5 users (show)

Fixed In Version: firefox 91.4.0, thunderbird 91.4.0
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-12-08 11:05:29 UTC


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2021:5013 0 None None None 2021-12-08 10:09:19 UTC
Red Hat Product Errata RHSA-2021:5014 0 None None None 2021-12-08 10:26:55 UTC
Red Hat Product Errata RHSA-2021:5015 0 None None None 2021-12-08 10:11:26 UTC
Red Hat Product Errata RHSA-2021:5016 0 None None None 2021-12-08 10:11:54 UTC
Red Hat Product Errata RHSA-2021:5017 0 None None None 2021-12-08 10:00:14 UTC
Red Hat Product Errata RHSA-2021:5045 0 None None None 2021-12-09 12:37:53 UTC
Red Hat Product Errata RHSA-2021:5046 0 None None None 2021-12-09 12:53:17 UTC
Red Hat Product Errata RHSA-2021:5047 0 None None None 2021-12-09 12:36:30 UTC
Red Hat Product Errata RHSA-2021:5048 0 None None None 2021-12-09 12:38:21 UTC
Red Hat Product Errata RHSA-2021:5055 0 None None None 2021-12-09 14:43:54 UTC

Description Doran Moppert 2021-12-08 02:35:39 UTC
By misusing a race in our notification code, an attacker could have forcefully hidden the notification for pages that had received full screen and pointer lock access, which could have been used for spoofing attacks.



External Reference:

https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43538

Comment 1 errata-xmlrpc 2021-12-08 10:00:13 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2021:5017 https://access.redhat.com/errata/RHSA-2021:5017

Comment 2 errata-xmlrpc 2021-12-08 10:09:17 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2021:5013 https://access.redhat.com/errata/RHSA-2021:5013

Comment 3 errata-xmlrpc 2021-12-08 10:11:24 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2021:5015 https://access.redhat.com/errata/RHSA-2021:5015

Comment 4 errata-xmlrpc 2021-12-08 10:11:53 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2021:5016 https://access.redhat.com/errata/RHSA-2021:5016

Comment 5 errata-xmlrpc 2021-12-08 10:26:54 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2021:5014 https://access.redhat.com/errata/RHSA-2021:5014

Comment 6 Product Security DevOps Team 2021-12-08 11:05:27 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2021-43538

Comment 7 errata-xmlrpc 2021-12-09 12:36:29 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2021:5047 https://access.redhat.com/errata/RHSA-2021:5047

Comment 8 errata-xmlrpc 2021-12-09 12:37:52 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2021:5045 https://access.redhat.com/errata/RHSA-2021:5045

Comment 9 errata-xmlrpc 2021-12-09 12:38:20 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2021:5048 https://access.redhat.com/errata/RHSA-2021:5048

Comment 10 errata-xmlrpc 2021-12-09 12:53:15 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2021:5046 https://access.redhat.com/errata/RHSA-2021:5046

Comment 11 errata-xmlrpc 2021-12-09 14:43:53 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2021:5055 https://access.redhat.com/errata/RHSA-2021:5055


Note You need to log in before you can comment on or make changes to this bug.