Vulnerabilities > CVE-2021-38492 - Unspecified vulnerability in Mozilla Firefox
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
HIGH Availability impact
NONE Summary
When delegating navigations to the operating system, Firefox would accept the `mk` scheme which might allow attackers to launch pages and execute scripts in Internet Explorer in unprivileged mode. *This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 92, Thunderbird < 91.1, Thunderbird < 78.14, Firefox ESR < 78.14, and Firefox ESR < 91.1.
Vulnerable Configurations
References
- https://www.mozilla.org/security/advisories/mfsa2021-41/
- https://www.mozilla.org/security/advisories/mfsa2021-40/
- https://www.mozilla.org/security/advisories/mfsa2021-42/
- https://www.mozilla.org/security/advisories/mfsa2021-38/
- https://www.mozilla.org/security/advisories/mfsa2021-39/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1721107
- https://security.gentoo.org/glsa/202208-14