Notification Spoofing Vulnerability in Thunderbird and Firefox

Notification Spoofing Vulnerability in Thunderbird and Firefox

CVE-2021-43538 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

By misusing a race in our notification code, an attacker could have forcefully hidden the notification for pages that had received full screen and pointer lock access, which could have been used for spoofing attacks. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.

Learn more about our Web Application Penetration Testing UK.