1. Home
  2. Vulnerabilities
  3. CVE-2021-38510

CVE-2021-38510

CVSS v3.1 8.8 (High)
88% Progress
CVSS v2.0 6.8 (Medium)
68% Progress
EPSS 0.22 % (60th)
0.22% Progress
Affected Products 4
Advisories 11
Info CVSS EPSS Affected Configurations References Security Advisories Packages & Software OVAL Tools, Exploits & PoC Graph Web & Social Timeline

The executable file warning was not presented when downloading .inetloc files, which, due to a flaw in Mac OS, can run commands on a user's computer.*Note: This issue only affected Mac OS operating systems. Other operating systems are unaffected.*. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.

Weaknesses
CWE-NVD-noinfo
CVE Status
PUBLISHED
CNA
Mozilla Corporation
Published Date
2021-12-08 22:15:09
(2 years ago)
Updated Date
2022-07-12 17:42:04
(2 years ago)

Affected Products

Apple

Mozilla

Configuration #1

AND
    CPE23 From Up To
OR  
  Mozilla Firefox prior 94.0 version cpe:2.3:a:mozilla:firefox < 94.0
OR  
  Running on/with
  Mozilla Firefox Esr prior 91.3.0 version cpe:2.3:a:mozilla:firefox_esr < 91.3.0
OR  
  Running on/with
  Mozilla Thunderbird prior 91.3.0 version cpe:2.3:a:mozilla:thunderbird < 91.3.0
OR  
  Running on/with
  Apple Macos cpe:2.3:o:apple:macos:-