CVE-2021-23957 - Navigations through the Android-specific `intent` URL scheme could have been misused to escape ifram

CVE-2021-23957

Summary

Navigations through the Android-specific `intent` URL scheme could have been misused to escape iframe sandbox. Note: This issue only affected Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox < 85.

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1584582
https://www.mozilla.org/security/advisories/mfsa2021-03/

Vulnerable Configurations

cpe:2.3:a:mozilla:firefox:80.0:*:*:*:*:android:*:*
cpe:2.3:a:mozilla:firefox:80.0:*:*:*:*:android:*:*
cpe:2.3:a:mozilla:firefox:83.0:*:*:*:*:android:*:*
cpe:2.3:a:mozilla:firefox:83.0:*:*:*:*:android:*:*
cpe:2.3:a:mozilla:firefox:84.0:*:*:*:*:android:*:*
cpe:2.3:a:mozilla:firefox:84.0:*:*:*:*:android:*:*

CVSS

Base:	4.3 (as of 03-03-2021 - 18:00)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:P/A:N

Last major update

03-03-2021 - 18:00

Published

26-02-2021 - 03:15

Last modified

03-03-2021 - 18:00