cve/2021/CVE-2021-43538.md

### [CVE-2021-43538](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43538)
![](https://img.shields.io/static/v1?label=Product&message=Firefox%20ESR&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Firefox&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Thunderbird&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3C%2091.4.0%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=%3C%2095%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Missing%20fullscreen%20and%20pointer%20lock%20notification%20when%20requesting%20both&color=brighgreen)

### Description

By misusing a race in our notification code, an attacker could have forcefully hidden the notification for pages that had received full screen and pointer lock access, which could have been used for spoofing attacks. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.

### POC

#### Reference
- https://bugzilla.mozilla.org/show_bug.cgi?id=1739091

#### Github
No PoCs found on GitHub currently.
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`### [CVE-2021-43538](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43538)`
			`![](https://img.shields.io/static/v1?label=Product&message=Firefox%20ESR&color=blue)`
			`![](https://img.shields.io/static/v1?label=Product&message=Firefox&color=blue)`
			`![](https://img.shields.io/static/v1?label=Product&message=Thunderbird&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=%3C%2091.4.0%20&color=brighgreen)`
			`![](https://img.shields.io/static/v1?label=Version&message=%3C%2095%20&color=brighgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=Missing%20fullscreen%20and%20pointer%20lock%20notification%20when%20requesting%20both&color=brighgreen)`

			`### Description`

			`By misusing a race in our notification code, an attacker could have forcefully hidden the notification for pages that had received full screen and pointer lock access, which could have been used for spoofing attacks. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.`

			`### POC`

			`#### Reference`
			`- https://bugzilla.mozilla.org/show_bug.cgi?id=1739091`

			`#### Github`
			`No PoCs found on GitHub currently.`