CVE-2021-43530 — Cross-site Scripting in Mozilla Firefox

CWE-79 — Cross-site Scripting4 documents4 sources

Severity

6.1MEDIUMNVD

EPSS

6.0%

top 9.25%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Debian Firefox

Timeline

PublishedDec 8

Latest updateDec 9

Description

A Universal XSS vulnerability was present in Firefox for Android resulting from improper sanitization when processing a URL scanned from a QR code. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 94.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages4 packages

▶debiandebian/firefox< firefox 94.0-1 (sid)

▶CVEListV5mozilla/firefoxunspecified — 94

▶NVDmozilla/firefox< 94.0

▶mozillamozilla/firefox

🔴Vulnerability Details

GHSA

GHSA-mgfp-hcp6-39f4: A Universal XSS vulnerability was present in Firefox for Android resulting from improper sanitization when processing a URL scanned from a QR code↗2021-12-09

▶

📋Vendor Advisories

Debian

CVE-2021-43530: firefox - A Universal XSS vulnerability was present in Firefox for Android resulting from ...↗2021

▶

Mozilla

Mozilla Foundation Security Advisory 2021-48: CVE-2021-43530↗

▶