{"id":"CVE-2021-38508","details":"By displaying a form validity message in the correct location at the same time as a permission prompt (such as for geolocation), the validity message could have obscured the prompt, resulting in the user potentially being tricked into granting the permission. This vulnerability affects Firefox \u003c 94, Thunderbird \u003c 91.3, and Firefox ESR \u003c 91.3.","modified":"2026-03-13T05:06:45.848419Z","published":"2021-12-08T22:15:09Z","related":["ALSA-2021:4123","ALSA-2021:4130","MGASA-2021-0505","MGASA-2021-0506","SUSE-SU-2021:3651-1","SUSE-SU-2021:3721-1","SUSE-SU-2021:3745-1","SUSE-SU-2021:4150-1","openSUSE-SU-2021:1635-1","openSUSE-SU-2021:3745-1","openSUSE-SU-2021:4150-1","openSUSE-SU-2024:11607-1","openSUSE-SU-2024:11614-1","openSUSE-SU-2024:14572-1"],"references":[{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2021-50/"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2021/12/msg00030.html"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202208-14"},{"type":"ADVISORY","url":"https://www.debian.org/security/2022/dsa-5034"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2021-49/"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2022/01/msg00001.html"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202202-03"},{"type":"ADVISORY","url":"https://www.debian.org/security/2021/dsa-5026"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2021-48/"},{"type":"REPORT","url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1366818"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-38508.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"94.0"}]},{"events":[{"introduced":"0"},{"fixed":"91.3.0"}]},{"events":[{"introduced":"0"},{"fixed":"91.3.0"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0"}]},{"events":[{"introduced":"0"},{"last_affected":"10.0"}]},{"events":[{"introduced":"0"},{"last_affected":"11.0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"}]}