CVE-2021-43533 — Mozilla Firefox vulnerability

5 documents5 sources

Severity

4.3MEDIUMNVD

EPSS

0.2%

top 59.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Debian Firefox

Timeline

PublishedDec 8

Latest updateDec 9

Description

When parsing internationalized domain names, high bits of the characters in the URLs were sometimes stripped, resulting in inconsistencies that could lead to user confusion or attacks such as phishing. This vulnerability affects Firefox < 94.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages5 packages

▶debiandebian/firefox< firefox 94.0-1 (sid)

▶CVEListV5mozilla/firefoxunspecified — 94

▶NVDmozilla/firefox< 94.0

▶Ubuntumozilla/firefox< 94.0+build3-0ubuntu0.18.04.1+2

▶mozillamozilla/firefox

🔴Vulnerability Details

GHSA

GHSA-v2fg-9ph4-5293: When parsing internationalized domain names, high bits of the characters in the URLs were sometimes stripped, resulting in inconsistencies that could↗2021-12-09

▶

OSV

CVE-2021-43533: When parsing internationalized domain names, high bits of the characters in the URLs were sometimes stripped, resulting in inconsistencies that could↗2021-12-08

▶

📋Vendor Advisories

Debian

CVE-2021-43533: firefox - When parsing internationalized domain names, high bits of the characters in the ...↗2021

▶

Mozilla

Mozilla Foundation Security Advisory 2021-48: CVE-2021-43533↗

▶