When delegating navigations to the operating system, Firefox before version 91.1 and Thunderbird before version 78.14 would accept the `mk` scheme which might allow attackers to launch pages and execute scripts in Internet Explorer in unprivileged mode. This bug only affects Firefox for Windows. Other operating systems are unaffected.
When delegating navigations to the operating system, Firefox before version 91.1 and Thunderbird before version 78.14 would accept the `mk` scheme which might allow attackers to launch pages and execute scripts in Internet Explorer in unprivileged mode. This bug only affects Firefox for Windows. Other operating systems are unaffected.
https://www.mozilla.org/security/advisories/mfsa2021-38/ https://www.mozilla.org/security/advisories/mfsa2021-41/ https://www.mozilla.org/security/advisories/mfsa2021-42/ https://bugzilla.mozilla.org/show_bug.cgi?id=1721107