When receiving a URL through a SEND intent, Firefox would have searched for the text, but subsequent usages of the address bar might have caused the URL to load unintentionally, which could lead to XSS and spoofing attacks. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 95.
References
| Link | Resource |
|---|---|
| https://bugzilla.mozilla.org/show_bug.cgi?id=1739934 | Issue Tracking Permissions Required |
| https://www.mozilla.org/security/advisories/mfsa2021-52/ | Vendor Advisory |
| https://bugzilla.mozilla.org/show_bug.cgi?id=1739934 | Issue Tracking Permissions Required |
| https://www.mozilla.org/security/advisories/mfsa2021-52/ | Vendor Advisory |
Configurations
Configuration 1 (hide)
| AND |
|
History
21 Nov 2024, 06:29
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://bugzilla.mozilla.org/show_bug.cgi?id=1739934 - Issue Tracking, Permissions Required | |
| References | () https://www.mozilla.org/security/advisories/mfsa2021-52/ - Vendor Advisory |
Information
Published : 2021-12-08 22:15
Updated : 2024-11-21 06:29
NVD link : CVE-2021-43544
Mitre link : CVE-2021-43544
CVE.ORG link : CVE-2021-43544
JSON object : View
Products Affected
mozilla
- firefox
- android
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')