{"id":"CVE-2021-38509","details":"Due to an unusual sequence of attacker-controlled events, a Javascript alert() dialog with arbitrary (although unstyled) contents could be displayed over top an uncontrolled webpage of the attacker's choosing. This vulnerability affects Firefox \u003c 94, Thunderbird \u003c 91.3, and Firefox ESR \u003c 91.3.","modified":"2026-04-16T04:30:44.856575621Z","published":"2021-12-08T22:15:09.050Z","related":["ALSA-2021:4123","ALSA-2021:4130","SUSE-SU-2021:3651-1","SUSE-SU-2021:3721-1","SUSE-SU-2021:3745-1","SUSE-SU-2021:4150-1","openSUSE-SU-2021:1635-1","openSUSE-SU-2021:3745-1","openSUSE-SU-2021:4150-1","openSUSE-SU-2024:11607-1","openSUSE-SU-2024:11614-1","openSUSE-SU-2024:14572-1"],"references":[{"type":"ADVISORY","url":"https://www.debian.org/security/2022/dsa-5034"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2021-48/"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2021-49/"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2021-50/"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2021/12/msg00030.html"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202202-03"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202208-14"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2022/01/msg00001.html"},{"type":"ADVISORY","url":"https://www.debian.org/security/2021/dsa-5026"},{"type":"REPORT","url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1718571"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-38509.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"94.0"}]},{"events":[{"introduced":"0"},{"fixed":"91.3.0"}]},{"events":[{"introduced":"0"},{"fixed":"91.3.0"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0"}]},{"events":[{"introduced":"0"},{"last_affected":"10.0"}]},{"events":[{"introduced":"0"},{"last_affected":"11.0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"}]}