Security Advisory

CVE-2021-38492

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-11-03 00:03:56
Last updated 2024-08-04 01:44:22
Assigner mozilla
State PUBLISHED

Description

When delegating navigations to the operating system, Firefox would accept the `mk` scheme which might allow attackers to launch pages and execute scripts in Internet Explorer in unprivileged mode. *This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 92, Thunderbird < 91.1, Thunderbird < 78.14, Firefox ESR < 78.14, and Firefox ESR < 91.1.