CVE-2021-23972

Summary

One phishing tactic on the web is to provide a link with HTTP Auth. For example 'https://www.phishingtarget.com@evil.com'. To mitigate this type of attack, Firefox will display a warning dialog; however, this warning dialog would not have been displayed if evil.com used a redirect that was cached by the browser. This vulnerability affects Firefox < 86.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefox< 86affected

Weaknesses

  • HTTP Auth phishing warning was omitted when a redirect is cached

ADP Enrichment

CVE Program Container

Additional References

References