{"id":"CVE-2021-43538","details":"By misusing a race in our notification code, an attacker could have forcefully hidden the notification for pages that had received full screen and pointer lock access, which could have been used for spoofing attacks. This vulnerability affects Thunderbird \u003c 91.4.0, Firefox ESR \u003c 91.4.0, and Firefox \u003c 95.","modified":"2026-03-15T22:42:12.200256Z","published":"2021-12-08T22:15:09.677Z","related":["ALSA-2021:5013","ALSA-2021:5045","MGASA-2021-0551","MGASA-2021-0554","SUSE-SU-2021:14859-1","SUSE-SU-2021:3993-1","SUSE-SU-2021:3995-1","SUSE-SU-2021:4000-1","SUSE-SU-2021:4150-1","openSUSE-SU-2021:1575-1","openSUSE-SU-2021:1635-1","openSUSE-SU-2021:3993-1","openSUSE-SU-2021:4150-1","openSUSE-SU-2024:11669-1","openSUSE-SU-2024:11670-1","openSUSE-SU-2024:14572-1"],"references":[{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2022/01/msg00001.html"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202208-14"},{"type":"ADVISORY","url":"https://www.debian.org/security/2022/dsa-5034"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2021-52/"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2021-54/"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2021/12/msg00030.html"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202202-03"},{"type":"ADVISORY","url":"https://www.debian.org/security/2021/dsa-5026"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2021-53/"},{"type":"REPORT","url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1739091"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"95.0"}]},{"events":[{"introduced":"0"},{"fixed":"91.4.0"}]},{"events":[{"introduced":"0"},{"fixed":"91.4.0"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0"}]},{"events":[{"introduced":"0"},{"last_affected":"10.0"}]},{"events":[{"introduced":"0"},{"last_affected":"11.0"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-43538.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"}]}