Cyber Resilience

CVE-2021-47784

Medium · Public PoC

Published: 15 January 2026

Modified: 15 April 2026
KEV Added
Patch
CVSS Score v4: 6.7 (CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0010 (27.3rd percentile)
Risk Priority: 13 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2021-47784 is a medium-severity Allocation of Resources Without Limits or Throttling (CWE-770) vulnerability. Its CVSS base score is 6.7 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). The CVE ranks at the 27.3rd percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SC-6 (Resource Availability).

Deeper analysis

CVE-2021-47784 is a denial of service vulnerability in Cyberfox Web Browser version 52.9.1. The flaw allows attackers to crash the application by overflowing the search bar with excessive data, such as a 9,000,000 byte payload. It is associated with CWE-770 (Allocation of Resources Without Limits or Throttling) and carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating high-impact availability disruption with network accessibility and low attack complexity.

A remote attacker with no privileges can exploit this vulnerability by generating and delivering the oversized payload to the search bar, triggering an application crash. This results in complete denial of service for the affected browser instance, rendering it unusable until restart.

References include an archived Cyberfox website at https://web.archive.org/web/20180906035057/https://cyberfox.8pecxstudios.com/ and an Exploit-DB entry at https://www.exploit-db.com/exploits/50336, which documents the exploit. No specific mitigation or patch details are provided in the available information.

Vulnerability details

Cyberfox Web Browser 52.9.1 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the search bar with excessive data. Attackers can generate a 9,000,000 byte payload and paste it into the search bar to trigger an application crash.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1499.004 · Application or System Exploitation · Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Direct DoS via resource exhaustion in application input handling maps to application exploitation for endpoint denial of service.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2021-47877 (Shared CWE-770)
CVE-2026-3260 (Shared CWE-770)
CVE-2025-66560 (Shared CWE-770)
CVE-2025-68136 (Shared CWE-770)
CVE-2020-37038 (Shared CWE-770)
CVE-2025-36070 (Shared CWE-770)
CVE-2021-47791 (Shared CWE-770)
CVE-2021-47876 (Shared CWE-770)
CVE-2019-25342 (Shared CWE-770)
CVE-2026-44004 (Shared CWE-770)

Mitigating Controls (NIST 800-53 r5) (AI)

prevent · detect

Directly implements controls to limit or detect denial-of-service events like overflowing the browser search bar with a 9MB payload causing application crash.

prevent

Restricts quantities of data that can be entered into the search bar, directly mitigating CWE-770 resource allocation without limits or throttling.

prevent · detect · recover

Protects system resource availability against exhaustion from oversized inputs by monitoring and limiting effects of such DoS attacks.
