Add a missing bug to the advisory

announce/2021/mfsa2021-38.yml

@@ -10,7 +10,7 @@ advisories:
     impact: high
     reporter: Amy Burnett working with Include Security
     description: |
-      Firefox for Android allowed navigations through the `intent://` protocol, which could be used to cause crashes and UI spoofs.
+      Firefox for Android allowed navigations through the `intent://` protocol, which could be used to cause crashes and UI spoofs.
       <br>*This bug only affects Firefox for Android. Other operating systems are unaffected.*
     bugs:
       - url: 1712242, 1708767, 1712240, 1708544, 1729259
@@ -27,10 +27,18 @@ advisories:
     impact: moderate
     reporter: James Lee
     description: |
-      When delegating navigations to the operating system, Firefox would accept the `mk` scheme which might allow attackers to launch pages and execute scripts in Internet Explorer in unprivileged mode.
+      When delegating navigations to the operating system, Firefox would accept the `mk` scheme which might allow attackers to launch pages and execute scripts in Internet Explorer in unprivileged mode.
       <br>*This bug only affects Firefox for Windows. Other operating systems are unaffected.*
     bugs:
       - url: 1721107
+  CVE-2021-4221:
+    title: Address bar spoofing on Firefox for Android due to RTL characters
+    impact: moderate
+    reporter: Rohan Sharma
+    description: |
+      If a domain name contained a RTL character, it would cause the domain to be rendered to the right of the path. This could lead to user confusion and spoofing attacks. <br>*This bug only affects Firefox for Android. Other operating systems are unaffected.*<br>*Note*: Due to a clerical error this advisory was not included in the original announcement, and was added in Feburary 2022.
+    bugs:
+      - url: 1704422
   CVE-2021-38493:
     title: Memory safety bugs fixed in Firefox 92, Firefox ESR 78.14 and Firefox ESR 91.1
     impact: high