{"id":"CVE-2021-38497","details":"Through use of reportValidity() and window.open(), a plain-text validation message could have been overlaid on another origin, leading to possible user confusion and spoofing attacks. This vulnerability affects Firefox \u003c 93, Thunderbird \u003c 91.2, and Firefox ESR \u003c 91.2.","modified":"2026-05-04T08:30:50.957982Z","published":"2021-11-03T01:15:07.427Z","withdrawn":"2026-05-04T08:30:50.957982Z","related":["SUSE-SU-2021:14826-1","SUSE-SU-2021:3331-1","SUSE-SU-2021:3446-1","SUSE-SU-2021:3451-1","SUSE-SU-2021:4150-1","openSUSE-SU-2021:1367-1","openSUSE-SU-2021:1635-1","openSUSE-SU-2021:3331-1","openSUSE-SU-2021:3451-1","openSUSE-SU-2021:4150-1","openSUSE-SU-2024:11570-1","openSUSE-SU-2024:11571-1","openSUSE-SU-2024:14572-1"],"references":[{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2021-45/"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2021-47/"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2021-43/"},{"type":"REPORT","url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1726621"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"93.0"}]},{"events":[{"introduced":"0"},{"fixed":"91.2"}]},{"events":[{"introduced":"0"},{"fixed":"91.2"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-38497.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"}]}