CVE-2021-47784
Published: 15 January 2026
Summary
CVE-2021-47784 is a medium-severity Allocation of Resources Without Limits or Throttling (CWE-770) vulnerability. Its CVSS base score is 6.7 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 27.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SC-6 (Resource Availability).
Deeper analysis
CVE-2021-47784 is a denial of service vulnerability in Cyberfox Web Browser version 52.9.1. The flaw allows attackers to crash the application by overflowing the search bar with excessive data, such as a 9,000,000 byte payload. It is associated with CWE-770 (Allocation of Resources Without Limits or Throttling) and carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating high-impact availability disruption with network accessibility and low attack complexity.
A remote attacker with no privileges can exploit this vulnerability by generating and delivering the oversized payload to the search bar, triggering an application crash. This results in complete denial of service for the affected browser instance, rendering it unusable until restart.
References include an archived Cyberfox website at https://web.archive.org/web/20180906035057/https://cyberfox.8pecxstudios.com/ and an Exploit-DB entry at https://www.exploit-db.com/exploits/50336, which documents the exploit. No specific mitigation or patch details are provided in the available information.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-2764
Vulnerability details
Cyberfox Web Browser 52.9.1 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the search bar with excessive data. Attackers can generate a 9,000,000 byte payload and paste it into the search bar to…
more
trigger an application crash.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Direct DoS via resource exhaustion in application input handling maps to application exploitation for endpoint denial of service.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly implements controls to limit or detect denial-of-service events like overflowing the browser search bar with a 9MB payload causing application crash.
Restricts quantities of data that can be entered into the search bar, directly mitigating CWE-770 resource allocation without limits or throttling.
Protects system resource availability against exhaustion from oversized inputs by monitoring and limiting effects of such DoS attacks.