cvedb.io
CVE-2021-43538
MEDIUM · CVSS 4.3
EPSS exploitation probability: 0%
Published 2021-12-08T22:15:09.677 · Last modified 2026-06-17T04:11:05.583

Summary

By misusing a race in our notification code, an attacker could have forcefully hidden the notification for pages that had received full screen and pointer lock access, which could have been used for spoofing attacks. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.

Affected products

mozilla — firefox

Does this affect you?

Add your gear to cvedb and we'll alert you only when mozilla ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.