CVE-2021-38492 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Medium
Remote	Yes
Type	Arbitrary command execution
Description	When delegating navigations to the operating system, Firefox before version 91.1 and Thunderbird before version 78.14 would accept the `mk` scheme which might allow attackers to launch pages and execute scripts in Internet Explorer in unprivileged mode. This bug only affects Firefox for Windows. Other operating systems are unaffected.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-2353	thunderbird	78.13.0-1	78.14.0-1	Medium	Not affected
AVG-2351	firefox	91.0.2-1	92.0-1	Medium	Not affected

References
https://www.mozilla.org/security/advisories/mfsa2021-38/ https://www.mozilla.org/security/advisories/mfsa2021-41/ https://www.mozilla.org/security/advisories/mfsa2021-42/ https://bugzilla.mozilla.org/show_bug.cgi?id=1721107

References

https://www.mozilla.org/security/advisories/mfsa2021-38/
https://www.mozilla.org/security/advisories/mfsa2021-41/
https://www.mozilla.org/security/advisories/mfsa2021-42/
https://bugzilla.mozilla.org/show_bug.cgi?id=1721107