摘要:
When delegating navigations to the operating system, Firefox would accept the `mk` scheme which might allow attackers to launch pages and execute scripts in Internet Explorer in unprivileged mode. *This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 92, Thunderbird < 91.1, Thunderbird < 78.14, Firefox ESR < 78.14, and Firefox ESR < 91.1.
安全等级: Low
公告ID: KylinSec-SA-2022-1814
发布日期: 2022年8月5日
关联CVE: CVE-2021-38492
When delegating navigations to the operating system, Firefox would accept the `mk` scheme which might allow attackers to launch pages and execute scripts in Internet Explorer in unprivileged mode. *This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 92, Thunderbird < 91.1, Thunderbird < 78.14, Firefox ESR < 78.14, and Firefox ESR < 91.1.
| cve名称 | 产品 | 组件 | 是否受影响 |
|---|---|---|---|
| CVE-2021-38492 | KY3.4-4A | firefox | Unaffected |
| CVE-2021-38492 | KY3.4-5 | firefox | Unaffected |
| CVE-2021-38492 | KY3.5.1 | firefox | Unaffected |
