Описание
When invoking protocol handlers for external protocols, a supplied parameter URL containing spaces was not properly escaped. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| firefox | fixed | 95.0-1 | package | |
| firefox-esr | fixed | 91.4.0esr-1 | package | |
| thunderbird | fixed | 1:91.4.0-1 | package |
Примечания
https://www.mozilla.org/en-US/security/advisories/mfsa2021-52/#CVE-2021-43541
https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43541
https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43541
Связанные уязвимости
When invoking protocol handlers for external protocols, a supplied parameter URL containing spaces was not properly escaped. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.
When invoking protocol handlers for external protocols, a supplied parameter URL containing spaces was not properly escaped. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.
When invoking protocol handlers for external protocols, a supplied parameter URL containing spaces was not properly escaped. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.
When invoking protocol handlers for external protocols, a supplied parameter URL containing spaces was not properly escaped. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.
Уязвимость браузера Mozilla Firefox и почтового клиента Mozilla Thunderbird, связанная с недостаточной проверкой вводимых данных, позволяющая нарушителю обойти существующие ограничения безопасности