CVE-2021-43546

It was possible to recreate previous cursor spoofing attacks against users with a zoomed native cursor. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.

Weakness

The web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain, which can lead to user confusion about which interface the user is interacting with.

Affected Software

Name	Vendor	Start Version	End Version
Firefox	Mozilla	*	95.0 (excluding)
Firefox_esr	Mozilla	*	91.4.0 (excluding)
Thunderbird	Mozilla	*	91.4.0 (excluding)
Red Hat Enterprise Linux 7	RedHat	firefox-0:91.4.0-1.el7_9	*
Red Hat Enterprise Linux 7	RedHat	thunderbird-0:91.4.0-3.el7_9	*
Red Hat Enterprise Linux 8	RedHat	firefox-0:91.4.0-1.el8_5	*
Red Hat Enterprise Linux 8	RedHat	thunderbird-0:91.4.0-2.el8_5	*
Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions	RedHat	firefox-0:91.4.0-1.el8_1	*
Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions	RedHat	thunderbird-0:91.4.0-2.el8_1	*
Red Hat Enterprise Linux 8.2 Extended Update Support	RedHat	firefox-0:91.4.0-1.el8_2	*
Red Hat Enterprise Linux 8.2 Extended Update Support	RedHat	thunderbird-0:91.4.0-2.el8_2	*
Red Hat Enterprise Linux 8.4 Extended Update Support	RedHat	firefox-0:91.4.0-1.el8_4	*
Red Hat Enterprise Linux 8.4 Extended Update Support	RedHat	thunderbird-0:91.4.0-2.el8_4	*
Firefox	Ubuntu	bionic	*
Firefox	Ubuntu	devel	*
Firefox	Ubuntu	focal	*
Firefox	Ubuntu	hirsute	*
Firefox	Ubuntu	impish	*
Firefox	Ubuntu	jammy	*
Firefox	Ubuntu	kinetic	*
Firefox	Ubuntu	lunar	*
Firefox	Ubuntu	mantic	*
Firefox	Ubuntu	noble	*
Firefox	Ubuntu	trusty	*
Firefox	Ubuntu	upstream	*
Firefox	Ubuntu	xenial	*
Firefox-esr	Ubuntu	trusty	*
Firefox-esr	Ubuntu	upstream	*
Firefox-esr	Ubuntu	xenial	*
Mozjs38	Ubuntu	bionic	*
Mozjs38	Ubuntu	esm-apps/bionic	*
Mozjs38	Ubuntu	upstream	*
Mozjs52	Ubuntu	bionic	*
Mozjs52	Ubuntu	esm-apps/focal	*
Mozjs52	Ubuntu	esm-infra/bionic	*
Mozjs52	Ubuntu	focal	*
Mozjs52	Ubuntu	upstream	*
Mozjs68	Ubuntu	focal	*
Mozjs68	Ubuntu	upstream	*
Mozjs78	Ubuntu	esm-apps/jammy	*
Mozjs78	Ubuntu	hirsute	*
Mozjs78	Ubuntu	impish	*
Mozjs78	Ubuntu	jammy	*
Mozjs78	Ubuntu	kinetic	*
Mozjs78	Ubuntu	lunar	*
Mozjs78	Ubuntu	upstream	*
Thunderbird	Ubuntu	bionic	*
Thunderbird	Ubuntu	devel	*
Thunderbird	Ubuntu	focal	*
Thunderbird	Ubuntu	hirsute	*
Thunderbird	Ubuntu	impish	*
Thunderbird	Ubuntu	jammy	*
Thunderbird	Ubuntu	kinetic	*
Thunderbird	Ubuntu	lunar	*
Thunderbird	Ubuntu	mantic	*
Thunderbird	Ubuntu	noble	*
Thunderbird	Ubuntu	trusty	*
Thunderbird	Ubuntu	upstream	*
Thunderbird	Ubuntu	xenial	*

Potential Mitigations

The use of X-Frame-Options allows developers of web content to restrict the usage of their application within the form of overlays, frames, or iFrames. The developer can indicate from which domains can frame the content.
The concept of X-Frame-Options is well documented, but implementation of this protection mechanism is in development to cover gaps. There is a need for allowing frames from multiple domains.
A developer can use a “frame-breaker” script in each page that should not be framed. This is very helpful for legacy browsers that do not support X-Frame-Options security feature previously mentioned.
It is also important to note that this tactic has been circumvented or bypassed. Improper usage of frames can persist in the web application through nested frames. The “frame-breaking” script does not intuitively account for multiple nested frames that can be presented to the user.

NVD	https://nvd.nist.gov/vuln/detail/CVE-2021-43546
CWE	https://cwe.mitre.org/data/definitions/1021.html

Improper Restriction of Rendered UI Layers or Frames

Weakness

Affected Software

Potential Mitigations

References

CVE-2021-43546

Improper Restriction of Rendered UI Layers or Frames

Weakness

Affected Software

Potential Mitigations

Related Attack Patterns

References