CVE-2021-43544
MEDIUMFirefox < 95.0 - Cross-Site Scripting via SEND Intent URL Handling
Title source: llmDescription
When receiving a URL through a SEND intent, Firefox would have searched for the text, but subsequent usages of the address bar might have caused the URL to load unintentionally, which could lead to XSS and spoofing attacks. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 95.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_misc
https://www.mozilla.org/security/advisories/mfsa2021-52/
Issue Tracking, Permissions Required x_refsource_misc
https://bugzilla.mozilla.org/show_bug.cgi?id=1739934
Scores
CVSS v3
6.1
EPSS
0.0038
EPSS Percentile
59.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (1)
mozilla/firefox
< 95.0
Published
Dec 08, 2021
Tracked Since
Feb 18, 2026