Login Sign Up

CVE-2021-23972

8.8 HIGH
Authentication Bypass

📋 TL;DR

This vulnerability in Firefox allows attackers to bypass phishing warnings when using HTTP authentication in malicious URLs. By exploiting cached redirects, attackers can make phishing links appear legitimate without triggering Firefox's security dialog. This affects all Firefox users running versions below 86.

💻 Affected Systems

Products:
  • Mozilla Firefox
Versions: All versions < 86
Operating Systems: Windows, Linux, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All default Firefox configurations are vulnerable. The issue specifically affects how Firefox handles cached redirects with HTTP authentication in URLs.

📦 What is this software?

Firefox by Mozilla

View all CVEs affecting Firefox →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Users could be tricked into entering credentials on sophisticated phishing sites that appear legitimate, leading to credential theft and account compromise.

🟠

Likely Case

Users might be redirected to phishing sites that bypass browser warnings, increasing the likelihood of credential harvesting attacks.

🟢

If Mitigated

With updated browsers, users see proper warnings for suspicious URLs containing HTTP authentication, significantly reducing phishing success rates.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The exploit requires user interaction (clicking a link) but is technically simple to implement. Phishing campaigns could easily incorporate this technique.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firefox 86 and later

Vendor Advisory: https://www.mozilla.org/security/advisories/mfsa2021-07/

Restart Required: Yes

Instructions:

1. Open Firefox. 2. Click the menu button (three horizontal lines). 3. Select Help > About Firefox. 4. Firefox will check for updates and install them automatically. 5. Restart Firefox when prompted.

🔧 Temporary Workarounds

Disable HTTP Authentication Caching

all

Prevent Firefox from caching HTTP authentication redirects that could bypass security warnings

about:config
Set network.http.redirection-limit to 0

Use Alternative Browser

all

Temporarily switch to a different browser that is not affected by this vulnerability

🧯 If You Can't Patch

  • Implement web filtering to block known phishing domains and suspicious URLs containing @ symbols
  • Enable enhanced phishing protection in Firefox settings and use security extensions

🔍 How to Verify

Check if Vulnerable:

Check Firefox version: Open Firefox > Help > About Firefox. If version is less than 86, you are vulnerable.

Check Version:

firefox --version

Verify Fix Applied:

After updating, verify version is 86 or higher in About Firefox. Test with known phishing URLs containing HTTP authentication.

📡 Detection & Monitoring

Log Indicators:

  • User reports of suspicious URLs bypassing browser warnings
  • Increased failed authentication attempts from unexpected sources

Network Indicators:

  • HTTP requests containing @ symbols in unusual positions
  • Redirects to domains following @ in URLs

SIEM Query:

url:*@* AND (event_category:web OR protocol:http)

📊 Metadata

CVE ID: CVE-2021-23972
CVSS v3 Score: 8.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Published: February 26, 2021
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON