Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2021-38506

Through a series of navigations, Firefox could have entered fullscreen mode without notification or warning to the user. This could lead to spoofing attacks on the browser UI including phishing. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.

Related bugs and status

CVE-2021-38506 (Candidate) is related to these bugs:

Bug #1949605: Backport Thunderbird 91 to 20.04 LTS and 18.04 LTS

		In	Importance	Status
1949605	Backport Thunderbird 91 to 20.04 LTS and 18.04 LTS	thunderbird (Ubuntu)	Undecided	Fix Released
1949605	Backport Thunderbird 91 to 20.04 LTS and 18.04 LTS	thunderbird (Ubuntu Focal)	Undecided	Fix Released
1949605	Backport Thunderbird 91 to 20.04 LTS and 18.04 LTS	thunderbird (Ubuntu Hirsute)	Undecided	Fix Released
1949605	Backport Thunderbird 91 to 20.04 LTS and 18.04 LTS	thunderbird (Ubuntu Bionic)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: https://bugzilla.mozil...
MISC: https://www.mozilla.or...
MISC: https://www.mozilla.or...
MISC: https://www.mozilla.or...
DEBIAN: DSA-5026
MLIST: [debian-lts-announce] ...
DEBIAN: DSA-5034
MLIST: [debian-lts-announce] ...
GENTOO: GLSA-202202-03
GENTOO: GLSA-202208-14