CVE-2021-43533
Published: 8 December 2021
When parsing internationalized domain names, high bits of the characters in the URLs were sometimes stripped, resulting in inconsistencies that could lead to user confusion or attacks such as phishing. This vulnerability affects Firefox < 94.
Notes
Author | Note |
---|---|
tyhicks | mozjs contains a copy of the SpiderMonkey JavaScript engine |
Priority
Status
Package | Release | Status |
---|---|---|
firefox Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(94.0+build3-0ubuntu0.18.04.1)
|
focal |
Not vulnerable
(94.0+build3-0ubuntu0.20.04.1)
|
|
hirsute |
Not vulnerable
(94.0+build3-0ubuntu0.21.04.1)
|
|
impish |
Not vulnerable
(94.0+build3-0ubuntu0.21.10.1)
|
|
jammy |
Not vulnerable
(94.0+build3-0ubuntu1)
|
|
kinetic |
Not vulnerable
(94.0+build3-0ubuntu1)
|
|
lunar |
Not vulnerable
(94.0+build3-0ubuntu1)
|
|
trusty |
Does not exist
|
|
upstream |
Released
(94)
|
|
xenial |
Ignored
(end of standard support, was needed)
|
Severity score breakdown
Parameter | Value |
---|---|
Base score | 4.3 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | Required |
Scope | Unchanged |
Confidentiality | None |
Integrity impact | Low |
Availability impact | None |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N |