VIR Vulnerability Intelligence Relay

CVE-2021-23953

high
Published — · Modified —
CVSS v3
CVSS v2
VIR risk
8.0

Description

If a user clicked into a specifically crafted PDF, the PDF reader could be confused into leaking cross-origin information, when said information is served as chunked data. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7.

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2021-23953

vendor Authored 2026-05-27

Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2021-23953.html

vendor Authored 2026-05-27

Vendor advisory: arch — https://security.archlinux.org/ASA-202102-1

vendor Authored 2026-05-27

Vendor advisory: arch — https://security.archlinux.org/ASA-202102-2

OS impact
OSVersionStatusFixed in
arch archfixed78.7.0-1
suse slesaffected
debian debiansidfixed85.0-1
debian debianbookwormfixed78.7.0esr-1
debian debianbullseyefixed78.7.0esr-1
debian debianforkyfixed78.7.0esr-1
debian debiantrixiefixed78.7.0esr-1

References

Verify integrity in audit chain (admin only). AS-IS.