{"containers": {"cna": {"affected": [{"product": "Firefox ESR", "vendor": "Mozilla", "versions": [{"lessThan": "78.9", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "Firefox", "vendor": "Mozilla", "versions": [{"lessThan": "87", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "Thunderbird", "vendor": "Mozilla", "versions": [{"lessThan": "78.9", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Using techniques that built on the slipstream research, a malicious webpage could have scanned both an internal network's hosts as well as services running on the user's local machine utilizing WebRTC connections. This vulnerability affects Firefox ESR < 78.9, Firefox < 87, and Thunderbird < 78.9."}], "problemTypes": [{"descriptions": [{"description": "Internal network hosts could have been probed by a malicious webpage", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-06-24T13:28:49", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.mozilla.org/security/advisories/mfsa2021-10/"}, {"tags": ["x_refsource_MISC"], "url": "https://www.mozilla.org/security/advisories/mfsa2021-12/"}, {"tags": ["x_refsource_MISC"], "url": "https://www.mozilla.org/security/advisories/mfsa2021-11/"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1677046"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@mozilla.org", "ID": "CVE-2021-23982", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Firefox ESR", "version": {"version_data": [{"version_affected": "<", "version_value": "78.9"}]}}, {"product_name": "Firefox", "version": {"version_data": [{"version_affected": "<", "version_value": "87"}]}}, {"product_name": "Thunderbird", "version": {"version_data": [{"version_affected": "<", "version_value": "78.9"}]}}]}, "vendor_name": "Mozilla"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Using techniques that built on the slipstream research, a malicious webpage could have scanned both an internal network's hosts as well as services running on the user's local machine utilizing WebRTC connections. This vulnerability affects Firefox ESR < 78.9, Firefox < 87, and Thunderbird < 78.9."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Internal network hosts could have been probed by a malicious webpage"}]}]}, "references": {"reference_data": [{"name": "https://www.mozilla.org/security/advisories/mfsa2021-10/", "refsource": "MISC", "url": "https://www.mozilla.org/security/advisories/mfsa2021-10/"}, {"name": "https://www.mozilla.org/security/advisories/mfsa2021-12/", "refsource": "MISC", "url": "https://www.mozilla.org/security/advisories/mfsa2021-12/"}, {"name": "https://www.mozilla.org/security/advisories/mfsa2021-11/", "refsource": "MISC", "url": "https://www.mozilla.org/security/advisories/mfsa2021-11/"}, {"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1677046", "refsource": "MISC", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1677046"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T19:14:09.972Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.mozilla.org/security/advisories/mfsa2021-10/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.mozilla.org/security/advisories/mfsa2021-12/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.mozilla.org/security/advisories/mfsa2021-11/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1677046"}]}]}, "cveMetadata": {"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2021-23982", "datePublished": "2021-03-31T13:42:04", "dateReserved": "2021-01-13T00:00:00", "dateUpdated": "2024-08-03T19:14:09.972Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "3533FF74-0FD6-447B-9C37-D491D18EA529", "versionEndExcluding": "87.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*", "matchCriteriaId": "907D294D-2667-4A67-A4B7-2DDE46BE592D", "versionEndExcluding": "78.9", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "matchCriteriaId": "AB6DE7E3-8F1B-4525-8992-FCDC7CC063D3", "versionEndExcluding": "78.9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Using techniques that built on the slipstream research, a malicious webpage could have scanned both an internal network's hosts as well as services running on the user's local machine utilizing WebRTC connections. This vulnerability affects Firefox ESR < 78.9, Firefox < 87, and Thunderbird < 78.9."}, {"lang": "es", "value": "Usando t\u00e9cnicas que se basaron en la investigaci\u00f3n de slipstream, una p\u00e1gina web maliciosa podr\u00eda haber escaneado tanto los hosts de una red interna como los servicios que se ejecutan en la m\u00e1quina local del usuario usando conexiones WebRTC. Esta vulnerabilidad afecta a Firefox ESR versiones anteriores a 78.9, Firefox versiones anteriores a 87, y Thunderbird versiones anteriores a 78.9"}], "id": "CVE-2021-23982", "lastModified": "2021-08-06T18:19:01.070", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-03-31T14:15:19.000", "references": [{"source": "security@mozilla.org", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1677046"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2021-10/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2021-11/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2021-12/"}], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-326"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Ben Seri, Gregory Vishnepolsky, and Samy Kamkar as the original reporters.", "affected_release": [{"advisory": "RHSA-2021:0992", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "firefox-0:78.9.0-1.el7_9", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2021-03-25T00:00:00Z"}, {"advisory": "RHSA-2021:0996", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "thunderbird-0:78.9.0-3.el7_9", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2021-03-25T00:00:00Z"}, {"advisory": "RHSA-2021:0990", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "firefox-0:78.9.0-1.el8_3", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2021-03-25T00:00:00Z"}, {"advisory": "RHSA-2021:0993", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "thunderbird-0:78.9.0-3.el8_3", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2021-03-25T00:00:00Z"}, {"advisory": "RHSA-2021:0991", "cpe": "cpe:/a:redhat:rhel_eus:8.1", "package": "firefox-0:78.9.0-1.el8_1", "product_name": "Red Hat Enterprise Linux 8.1 Extended Update Support", "release_date": "2021-03-25T00:00:00Z"}, {"advisory": "RHSA-2021:0995", "cpe": "cpe:/a:redhat:rhel_eus:8.1", "package": "thunderbird-0:78.9.0-3.el8_1", "product_name": "Red Hat Enterprise Linux 8.1 Extended Update Support", "release_date": "2021-03-25T00:00:00Z"}, {"advisory": "RHSA-2021:0989", "cpe": "cpe:/a:redhat:rhel_eus:8.2", "package": "firefox-0:78.9.0-1.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Extended Update Support", "release_date": "2021-03-25T00:00:00Z"}, {"advisory": "RHSA-2021:0994", "cpe": "cpe:/a:redhat:rhel_eus:8.2", "package": "thunderbird-0:78.9.0-3.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Extended Update Support", "release_date": "2021-03-25T00:00:00Z"}], "bugzilla": {"description": "Mozilla: Internal network hosts could have been probed by a malicious webpage", "id": "1942785", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942785"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.1", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "status": "verified"}, "cwe": "CWE-200", "details": ["Using techniques that built on the slipstream research, a malicious webpage could have scanned both an internal network's hosts as well as services running on the user's local machine utilizing WebRTC connections. This vulnerability affects Firefox ESR < 78.9, Firefox < 87, and Thunderbird < 78.9."], "name": "CVE-2021-23982", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 6"}], "public_date": "2021-03-23T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-23982\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-23982\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2021-11/#CVE-2021-23982"], "threat_severity": "Moderate", "upstream_fix": "thunderbird 78.9, firefox 78.9"}