CVE-2021-43544
Severity:
MEDIUM
Type:
CWE-79
Cross-Site Scripting (XSS)
Publication date:
08/12/2021
Last modified:
10/12/2021
Description
When receiving a URL through a SEND intent, Firefox would have searched for the text, but subsequent usages of the address bar might have caused the URL to load unintentionally, which could lead to XSS and spoofing attacks. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox
Impact
Base Score 3.x
6.10
Severity 3.x
MEDIUM
Base Score 2.0
4.30
Severity 2.0
MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* | 95.0 (excluding) | |
cpe:2.3:o:google:android:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page