CVE-2021-38492
N/A
N/A
Summary
When delegating navigations to the operating system, Firefox would accept the mk scheme which might allow attackers to launch pages and execute scripts in Internet Explorer in unprivileged mode. This bug only affects Firefox for Windows. Other operating systems are unaffected.. This vulnerability affects Firefox < 92, Thunderbird < 91.1, Thunderbird < 78.14, Firefox ESR < 78.14, and Firefox ESR < 91.1.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Mozilla | Firefox | unspecified < 92 | affected |
| Mozilla | Thunderbird | unspecified < 91.1 | affected |
| Mozilla | Thunderbird | unspecified < 78.14 | affected |
| Mozilla | Firefox ESR | unspecified < 78.14 | affected |
| Mozilla | Firefox ESR | unspecified < 91.1 | affected |
Weaknesses
- Navigating to
mk:URL scheme could load Internet Explorer
ADP Enrichment
CVE Program Container
Additional References
- https://www.mozilla.org/security/advisories/mfsa2021-40/
- https://www.mozilla.org/security/advisories/mfsa2021-41/
- https://www.mozilla.org/security/advisories/mfsa2021-38/
- https://www.mozilla.org/security/advisories/mfsa2021-42/
- https://www.mozilla.org/security/advisories/mfsa2021-39/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1721107
- https://security.gentoo.org/glsa/202208-14
References
- https://www.mozilla.org/security/advisories/mfsa2021-40/
- https://www.mozilla.org/security/advisories/mfsa2021-41/
- https://www.mozilla.org/security/advisories/mfsa2021-38/
- https://www.mozilla.org/security/advisories/mfsa2021-42/
- https://www.mozilla.org/security/advisories/mfsa2021-39/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1721107
- https://security.gentoo.org/glsa/202208-14
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.