Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.3
CVSSv2

CVE-2021-38492

Published: 03/11/2021 Updated: 09/12/2022
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Subscribe to Mozilla

Vulnerability Summary

When delegating navigations to the operating system, Firefox would accept the `mk` scheme which might allow malicious users to launch pages and execute scripts in Internet Explorer in unprivileged mode. *This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 92, Thunderbird < 91.1, Thunderbird < 78.14, Firefox ESR < 78.14, and Firefox ESR < 91.1.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

mozilla firefox

mozilla firefox_esr

mozilla thunderbird

Vendor Advisories

Arch Linux Issues:
When delegating navigations to the operating system, Firefox before version 911 and Thunderbird before version 7814 would accept the `mk` scheme which might allow attackers to launch pages and execute scripts in Internet Explorer in unprivileged mode This bug only affects Firefox for Windows Other operating systems are unaffected ...
Mozilla: Security Vulnerabilities fixed in Thunderbird 91.1
Mozilla Foundation Security Advisory 2021-41 Security Vulnerabilities fixed in Thunderbird 911 Announced September 7, 2021 Impact low Products Thunderbird Fixed in Thunderbird 911 ...
Mozilla: Security Vulnerabilities fixed in Firefox 92
Mozilla Foundation Security Advisory 2021-38 Security Vulnerabilities fixed in Firefox 92 Announced September 7, 2021 Impact high Products Firefox Fixed in Firefox 92 ...
Mozilla: Security Vulnerabilities fixed in Firefox ESR 91.1
Mozilla Foundation Security Advisory 2021-40 Security Vulnerabilities fixed in Firefox ESR 911 Announced September 7, 2021 Impact low Products Firefox ESR Fixed in Firefox ESR 911 ...
Mozilla: Security Vulnerabilities fixed in Firefox ESR 78.14
Mozilla Foundation Security Advisory 2021-39 Security Vulnerabilities fixed in Firefox ESR 7814 Announced September 7, 2021 Impact moderate Products Firefox ESR Fixed in Firefox ESR 7814 ...
Mozilla: Security Vulnerabilities fixed in Thunderbird 78.14
Mozilla Foundation Security Advisory 2021-42 Security Vulnerabilities fixed in Thunderbird 7814 Announced September 7, 2021 Impact moderate Products Thunderbird Fixed in Thunderbird 7814 ...

References

NVD-CWE-noinfohttps://www.mozilla.org/security/advisories/mfsa2021-41/https://www.mozilla.org/security/advisories/mfsa2021-40/https://www.mozilla.org/security/advisories/mfsa2021-42/https://www.mozilla.org/security/advisories/mfsa2021-38/https://www.mozilla.org/security/advisories/mfsa2021-39/https://bugzilla.mozilla.org/show_bug.cgi?id=1721107https://security.gentoo.org/glsa/202208-14https://nvd.nist.govhttps://security.archlinux.org/CVE-2021-38492https://www.mozilla.org/en-US/security/advisories/mfsa2021-41/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
encryptionCVE-2024-4331CVE-2024-26925arbitrary codeCVE-2006-4304CVE-2024-25458CVE-2024-27077reflected XSSCVE-2024-4059
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook