Vulnerability CVE-2021-43544: Information

Description

When receiving a URL through a SEND intent, Firefox would have searched for the text, but subsequent usages of the address bar might have caused the URL to load unintentionally, which could lead to XSS and spoofing attacks. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 95.

Severity: MEDIUM (6.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

URL: https://nvd.nist.gov/vuln/detail/CVE-2021-43544
Published: Dec. 9, 2021
Modified: Dec. 10, 2021
Error type identifier: CWE-79

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
firefoxsisyphus95.0-alt1125.0.3-alt1ALT-PU-2021-3496-1291654Fixed
firefoxp1095.0.1-alt1118.0.2-alt0.p10.1ALT-PU-2021-3576-1291719Fixed
firefoxp9105.0.1-alt0.c9.1105.0.1-alt0.c9.1ALT-PU-2023-4339-1319683Fixed
firefoxc10f195.0.1-alt1112.0.2-alt0.p10.1ALT-PU-2021-3576-1291719Fixed
firefoxc9f2105.0.1-alt0.c9.1105.0.1-alt0.c9.1ALT-PU-2023-1139-1309126Fixed
firefox-esrp9102.6.0-alt0.c9.1102.11.0-alt0.c9.1ALT-PU-2023-4336-1319683Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://www.mozilla.org/security/advisories/mfsa2021-52/
  • Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=1739934
  • Issue Tracking
  • Permissions Required

    1. Configuration 1

      cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
      Running on/with:
      cpe:2.3:o:google:android:-:*:*:*:*:*:*:*
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: v24.5.0
Back to top