Lucene search

K
ubuntucveUbuntu.comUB:CVE-2021-43544
HistoryDec 08, 2021 - 12:00 a.m.

CVE-2021-43544

2021-12-0800:00:00
ubuntu.com
ubuntu.com
17
cve-2021-43544
firefox
android
url
spoofing
vulnerability
xss
spoofing attacks
firefox < 95

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

36.7%

When receiving a URL through a SEND intent, Firefox would have searched for
the text, but subsequent usages of the address bar might have caused the
URL to load unintentionally, which could lead to XSS and spoofing attacks.
This bug only affects Firefox for Android. Other operating systems are
unaffected.
. This vulnerability affects Firefox < 95.

Notes

Author Note
tyhicks mozjs contains a copy of the SpiderMonkey JavaScript engine

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

36.7%