CVE-2021-43544

Published: Dec 8, 2021Modified: Jun 17, 2026

6.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

When receiving a URL through a SEND intent, Firefox would have searched for the text, but subsequent usages of the address bar might have caused the URL to load unintentionally, which could lead to XSS and spoofing attacks. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 95.

Affected (1)

Products: Mozilla: Firefox

1 product

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mozilla Firefox	Before 95.0

Running on/with	Platform Versions
Google Android	All versions

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (4)

https://bugzilla.mozilla.org/show_bug.cgi?id=1739934

Source: security@mozilla.org

Issue TrackingPermissions Required

https://www.mozilla.org/security/advisories/mfsa2021-52/

Source: security@mozilla.org

Vendor Advisory

https://bugzilla.mozilla.org/show_bug.cgi?id=1739934

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPermissions Required

https://www.mozilla.org/security/advisories/mfsa2021-52/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.