CVE-2021-38492

Опубликовано: 07 сент. 2021

Источник: redhat

CVSS3: 6.1

EPSS Низкий

Описание

When delegating navigations to the operating system, Firefox would accept the mk scheme which might allow attackers to launch pages and execute scripts in Internet Explorer in unprivileged mode. This bug only affects Firefox for Windows. Other operating systems are unaffected.. This vulnerability affects Firefox < 92, Thunderbird < 91.1, Thunderbird < 78.14, Firefox ESR < 78.14, and Firefox ESR < 91.1.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 6	firefox	Not affected
Red Hat Enterprise Linux 6	thunderbird	Not affected
Red Hat Enterprise Linux 7	firefox	Not affected
Red Hat Enterprise Linux 7	thunderbird	Not affected
Red Hat Enterprise Linux 8	firefox	Not affected
Red Hat Enterprise Linux 8	thunderbird	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-829

https://bugzilla.redhat.com/show_bug.cgi?id=2002118Mozilla: Navigating to `mk:` URL scheme could load Internet Explorer

EPSS

Процентиль: 61%

0.00406

Низкий

6.1 Medium

CVSS3

Связанные уязвимости

CVE-2021-38492

CVSS3: 6.5

ubuntu

больше 4 лет назад

When delegating navigations to the operating system, Firefox would accept the `mk` scheme which might allow attackers to launch pages and execute scripts in Internet Explorer in unprivileged mode. *This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 92, Thunderbird < 91.1, Thunderbird < 78.14, Firefox ESR < 78.14, and Firefox ESR < 91.1.

CVE-2021-38492

CVSS3: 6.5

nvd

больше 4 лет назад

CVE-2021-38492

CVSS3: 6.5

debian

больше 4 лет назад

When delegating navigations to the operating system, Firefox would acc ...

GHSA-qq3m-5g62-2hhj

CVSS3: 6.5

github

больше 3 лет назад

SUSE-SU-2022:1582-1

suse-cvrf

больше 3 лет назад

Security update for MozillaFirefox

EPSS

Процентиль: 61%

0.00406

Низкий

6.1 Medium

CVSS3