Add a missing bug to the advisory

Tom Ritter 2022-02-18 09:42:05 -05:00
Parent 363aed139a
Commit f86029c3f3
1 changed file: 10 additions and 2 deletions


@ -10,7 +10,7 @@ advisories:
impact: high impact: high
reporter: Amy Burnett working with Include Security reporter: Amy Burnett working with Include Security
description: | description: |
Firefox for Android allowed navigations through the `intent://` protocol, which could be used to cause crashes and UI spoofs. Firefox for Android allowed navigations through the `intent://` protocol, which could be used to cause crashes and UI spoofs.
<br>*This bug only affects Firefox for Android. Other operating systems are unaffected.* <br>*This bug only affects Firefox for Android. Other operating systems are unaffected.*
bugs: bugs:
- url: 1712242, 1708767, 1712240, 1708544, 1729259 - url: 1712242, 1708767, 1712240, 1708544, 1729259
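Review bot: The `intent://` description line in this hunk shows identical text on both sides, so the change looks whitespace-only and unrelated to adding the missing advisory. Either drop it from this commit or mention the cleanup in the commit message so the diff of a published advisory file stays easy to audit.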
@ -27,10 +27,18 @@ advisories:
impact: moderate impact: moderate
reporter: James Lee reporter: James Lee
description: | description: |
When delegating navigations to the operating system, Firefox would accept the `mk` scheme which might allow attackers to launch pages and execute scripts in Internet Explorer in unprivileged mode. When delegating navigations to the operating system, Firefox would accept the `mk` scheme which might allow attackers to launch pages and execute scripts in Internet Explorer in unprivileged mode.
<br>*This bug only affects Firefox for Windows. Other operating systems are unaffected.* <br>*This bug only affects Firefox for Windows. Other operating systems are unaffected.*
bugs: bugs:
- url: 1721107 - url: 1721107
CVE-2021-4221:
title: Address bar spoofing on Firefox for Android due to RTL characters
impact: moderate
reporter: Rohan Sharma
description: |
If a domain name contained a RTL character, it would cause the domain to be rendered to the right of the path. This could lead to user confusion and spoofing attacks. <br>*This bug only affects Firefox for Android. Other operating systems are unaffected.*<br>*Note*: Due to a clerical error this advisory was not included in the original announcement, and was added in Feburary 2022.
bugs:
- url: 1704422
CVE-2021-38493: CVE-2021-38493:
title: Memory safety bugs fixed in Firefox 92, Firefox ESR 78.14 and Firefox ESR 91.1 title: Memory safety bugs fixed in Firefox 92, Firefox ESR 78.14 and Firefox ESR 91.1
impact: high impact: high
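Review bot: "Feburary" in the new CVE-2021-4221 description should be "February"; this text is published in the advisory. The new description also keeps the `<br>*This bug only affects Firefox for Android...*` sentence and the `*Note*` on the same line as the first sentence, while the neighbouring entries put the platform note on its own line; splitting it the same way would keep the entries consistent and the late-addition note easier to spot.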