CVE-2021-43544
Published: 8 December 2021
When receiving a URL through a SEND intent, Firefox would have searched for the text, but subsequent usages of the address bar might have caused the URL to load unintentionally, which could lead to XSS and spoofing attacks. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 95.
Notes
| Author | Note |
|---|---|
| tyhicks | mozjs contains a copy of the SpiderMonkey JavaScript engine |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
firefox Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(Android only)
|
| focal |
Not vulnerable
(Android only)
|
|
| hirsute |
Not vulnerable
(Android only)
|
|
| impish |
Not vulnerable
(Android only)
|
|
| jammy |
Not vulnerable
(Android only)
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(95)
|
|
| xenial |
Not vulnerable
(Android only)
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 6.1 |
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | Required |
| Scope | Changed |
| Confidentiality | Low |
| Integrity impact | Low |
| Availability impact | None |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |