Add a missing bug to the advisory
This commit is contained in:
Родитель
363aed139a
Коммит
f86029c3f3
|
@ -10,7 +10,7 @@ advisories:
|
||||||
impact: high
|
impact: high
|
||||||
reporter: Amy Burnett working with Include Security
|
reporter: Amy Burnett working with Include Security
|
||||||
description: |
|
description: |
|
||||||
Firefox for Android allowed navigations through the `intent://` protocol, which could be used to cause crashes and UI spoofs.
|
Firefox for Android allowed navigations through the `intent://` protocol, which could be used to cause crashes and UI spoofs.
|
||||||
<br>*This bug only affects Firefox for Android. Other operating systems are unaffected.*
|
<br>*This bug only affects Firefox for Android. Other operating systems are unaffected.*
|
||||||
bugs:
|
bugs:
|
||||||
- url: 1712242, 1708767, 1712240, 1708544, 1729259
|
- url: 1712242, 1708767, 1712240, 1708544, 1729259
|
||||||
|
@ -27,10 +27,18 @@ advisories:
|
||||||
impact: moderate
|
impact: moderate
|
||||||
reporter: James Lee
|
reporter: James Lee
|
||||||
description: |
|
description: |
|
||||||
When delegating navigations to the operating system, Firefox would accept the `mk` scheme which might allow attackers to launch pages and execute scripts in Internet Explorer in unprivileged mode.
|
When delegating navigations to the operating system, Firefox would accept the `mk` scheme which might allow attackers to launch pages and execute scripts in Internet Explorer in unprivileged mode.
|
||||||
<br>*This bug only affects Firefox for Windows. Other operating systems are unaffected.*
|
<br>*This bug only affects Firefox for Windows. Other operating systems are unaffected.*
|
||||||
bugs:
|
bugs:
|
||||||
- url: 1721107
|
- url: 1721107
|
||||||
|
CVE-2021-4221:
|
||||||
|
title: Address bar spoofing on Firefox for Android due to RTL characters
|
||||||
|
impact: moderate
|
||||||
|
reporter: Rohan Sharma
|
||||||
|
description: |
|
||||||
|
If a domain name contained a RTL character, it would cause the domain to be rendered to the right of the path. This could lead to user confusion and spoofing attacks. <br>*This bug only affects Firefox for Android. Other operating systems are unaffected.*<br>*Note*: Due to a clerical error this advisory was not included in the original announcement, and was added in Feburary 2022.
|
||||||
|
bugs:
|
||||||
|
- url: 1704422
|
||||||
CVE-2021-38493:
|
CVE-2021-38493:
|
||||||
title: Memory safety bugs fixed in Firefox 92, Firefox ESR 78.14 and Firefox ESR 91.1
|
title: Memory safety bugs fixed in Firefox 92, Firefox ESR 78.14 and Firefox ESR 91.1
|
||||||
impact: high
|
impact: high
|
||||||
|
|
Загрузка…
Ссылка в новой задаче