{
  "id": "CVE-2021-23963",
  "sourceIdentifier": "security@mozilla.org",
  "published": "2021-02-26T03:15:14.137",
  "lastModified": "2021-03-03T20:11:04.663",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "When sharing geolocation during an active WebRTC share, Firefox could have reset the webRTC sharing state in the user interface, leading to loss of control over the currently granted permission. This vulnerability affects Firefox < 85."
    },
    {
      "lang": "es",
      "value": "Cuando se comparten la geolocalizaci\u00f3n durante un recurso compartido de WebRTC activo, Firefox podr\u00eda haber restablecido el estado del intercambio de webRTC en la interfaz de usuario, conllevando a una p\u00e9rdida de control sobre el permiso otorgado actualmente.&#xa0;Esta vulnerabilidad afecta a Firefox versiones anteriores a 85"
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "REQUIRED",
          "scope": "UNCHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "accessVector": "NETWORK",
          "accessComplexity": "MEDIUM",
          "authentication": "NONE",
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "NONE",
          "baseScore": 4.3
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": true
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-281"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
              "versionEndExcluding": "85.0",
              "matchCriteriaId": "403EA47E-6B2D-4082-BFF2-E764C8356854"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1680793",
      "source": "security@mozilla.org",
      "tags": [
        "Issue Tracking",
        "Permissions Required",
        "Vendor Advisory"
      ]
    },
    {
      "url": "https://www.mozilla.org/security/advisories/mfsa2021-03/",
      "source": "security@mozilla.org",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ]
    }
  ]
}