CVE-2021-43542

CVSS v3.1 6.5 (Medium)

CVSS v2.0 4.3 (Medium)

EPSS 1.56 % (88^th)

Affected Products 4

Advisories 31

Using XMLHttpRequest, an attacker could have identified installed applications by probing error messages for loading external protocols. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.

Weaknesses

CWE-209: Generation of Error Message Containing Sensitive Information

CVE Status: PUBLISHED
CNA: Mozilla Corporation
Published Date: 2021-12-08 22:15:09
(2 years ago)
Updated Date: 2022-12-09 15:38:33
(21 months ago)

Affected Products

Debian

Debian Linux

Mozilla

Configuration #1

	CPE23	Up To
Mozilla Firefox prior 95.0 version	cpe:2.3:a:mozilla:firefox	< 95.0
Mozilla Firefox Esr prior 91.4.0 version	cpe:2.3:a:mozilla:firefox_esr	< 91.4.0
Mozilla Thunderbird prior 91.4.0 version	cpe:2.3:a:mozilla:thunderbird	< 91.4.0

Configuration #2

		CPE23	From	Up To
	Debian Linux 9.0	cpe:2.3:o:debian:debian_linux:9.0
	Debian Linux 10.0	cpe:2.3:o:debian:debian_linux:10.0
	Debian Linux 11.0	cpe:2.3:o:debian:debian_linux:11.0