CVE-2021-43532
Last modified
CVE-2021-43532 is a medium-severity vulnerability rated 6.1/10 on the CVSS scale. The 'Copy Image Link' context menu action would copy the final image URL after redirects. By embedding an image that triggered authentication flows - in conjunction with a Content Security Policy that stopped a redirection chain in the middle - the final image URL could be one that contained an authentication token used to takeover a user account. EPSS estimates a 0.53% chance of exploitation in the next 30 days.
Description
The 'Copy Image Link' context menu action would copy the final image URL after redirects. By embedding an image that triggered authentication flows - in conjunction with a Content Security Policy that stopped a redirection chain in the middle - the final image URL could be one that contained an authentication token used to takeover a user account. If a website tricked a user into copy and pasting the image link back to the page, the page would be able to steal the authentication tokens. This was fixed by making the action return the original URL, before any redirects. This vulnerability affects Firefox < 94.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | < 94.0 |
References
- https://bugzilla.mozilla.org/show_bug.cgi?id=1719203Issue Tracking, Permissions Required, Vendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2021-48/Vendor Advisory
- https://bugzilla.mozilla.org/show_bug.cgi?id=1719203Issue Tracking, Permissions Required, Vendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2021-48/Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2021-43532?
How severe is CVE-2021-43532?
How do I fix CVE-2021-43532?
Are you affected by CVE-2021-43532?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST