CVE-2021-38492

CVSS v3.1 6.5 (Medium)

CVSS v2.0 4.3 (Medium)

EPSS 0.31 % (70^th)

Affected Products 4

Advisories 18

When delegating navigations to the operating system, Firefox would accept the mk scheme which might allow attackers to launch pages and execute scripts in Internet Explorer in unprivileged mode. This bug only affects Firefox for Windows. Other operating systems are unaffected.. This vulnerability affects Firefox < 92, Thunderbird < 91.1, Thunderbird < 78.14, Firefox ESR < 78.14, and Firefox ESR < 91.1.

Weaknesses

CWE-NVD-noinfo

CVE Status: PUBLISHED
CNA: Mozilla Corporation
Published Date: 2021-11-03 01:15:07
(2 years ago)
Updated Date: 2022-12-09 19:19:12
(21 months ago)

Affected Products

Microsoft

Windows

Mozilla

Configuration #1

AND

		CPE23	From	Up To
OR
	Mozilla Firefox prior 92.0 version	cpe:2.3:a:mozilla:firefox		< 92.0
OR
	Running on/with
	Mozilla Firefox Esr prior 78.14 version	cpe:2.3:a:mozilla:firefox_esr		< 78.14
OR
	Running on/with
	Mozilla Firefox Esr from 91.0 version and prior 91.1 version	cpe:2.3:a:mozilla:firefox_esr	>= 91.0	< 91.1
OR
	Running on/with
	Mozilla Thunderbird prior 78.14 version	cpe:2.3:a:mozilla:thunderbird		< 78.14
OR
	Running on/with
	Mozilla Thunderbird from 91.0 version and prior 91.1 version	cpe:2.3:a:mozilla:thunderbird	>= 91.0	< 91.1
OR
	Running on/with
	Microsoft Windows	cpe:2.3:o:microsoft:windows:-