PT-2021-23862 · Mozilla+1 · Firefox For Android+1
Irwan · Published 2021-12-08 · Updated 2024-12-12 · CVE-2021-43544
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Firefox for Android versions prior to 95
Description
The issue arises when Firefox for Android receives a URL through a SEND intent. Instead of loading the URL directly, Firefox would initially search for the text. However, subsequent uses of the address bar could cause the URL to load unintentionally, which could lead to cross-site scripting (XSS) and spoofing attacks. This issue affects only Firefox for Android; other operating systems are unaffected.
Recommendations
For versions prior to 95, update to version 95 or later to resolve the issue. As a temporary workaround, consider avoiding the use of the address bar after receiving a URL through a SEND intent until a patch is applied.
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Firefox For Android