CVE-2021-43533
Published: 8 December 2021
When parsing internationalized domain names, high bits of the characters in the URLs were sometimes stripped, resulting in inconsistencies that could lead to user confusion or attacks such as phishing. This vulnerability affects Firefox < 94.
Notes
| Author | Note |
|---|---|
| tyhicks | mozjs contains a copy of the SpiderMonkey JavaScript engine |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
firefox Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(94.0+build3-0ubuntu0.18.04.1)
|
| focal |
Not vulnerable
(94.0+build3-0ubuntu0.20.04.1)
|
|
| hirsute |
Not vulnerable
(94.0+build3-0ubuntu0.21.04.1)
|
|
| impish |
Not vulnerable
(94.0+build3-0ubuntu0.21.10.1)
|
|
| jammy |
Not vulnerable
(94.0+build3-0ubuntu1)
|
|
| kinetic |
Not vulnerable
(94.0+build3-0ubuntu1)
|
|
| lunar |
Not vulnerable
(94.0+build3-0ubuntu1)
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(94)
|
|
| xenial |
Ignored
(end of standard support, was needed)
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 4.3 |
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | Required |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity impact | Low |
| Availability impact | None |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N |