CVE-2021-38492 - log back

CVE-2021-38492 created at 09 Sep 2021 11:57:46
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Arbitrary command execution
Description
+ When delegating navigations to the operating system, Firefox before version 91.1 and Thunderbird before version 78.14 would accept the `mk` scheme which might allow attackers to launch pages and execute scripts in Internet Explorer in unprivileged mode.
+
+ This bug only affects Firefox for Windows. Other operating systems are unaffected.
References
+ https://www.mozilla.org/security/advisories/mfsa2021-38/
+ https://www.mozilla.org/security/advisories/mfsa2021-41/
+ https://www.mozilla.org/security/advisories/mfsa2021-42/
+ https://bugzilla.mozilla.org/show_bug.cgi?id=1721107
Notes
CVE-2021-38492 deleted at 08 Sep 2021 09:19:02
Severity
- Unknown
Remote
- Unknown
Type
- Unknown
Description
References
Notes
CVE-2021-38492 created at 08 Sep 2021 09:18:31