CVE-2021-43536

Details

Under certain circumstances, asynchronous functions could have caused a navigation to fail but expose the target URL. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.

Affected Packages

Firefox

Ubuntu 14.04 LTSUbuntu 16.04 LTSUbuntu 18.04 LTSUbuntu 20.04 LTSUbuntu 22.04 LTS

Fixed in:

95

Mozilla Firefox

Windows 10 (1507)Windows 10 (1607) / Server 2016Windows 10 (1809) / Server 2019Windows 10 (1903)Windows 10 (1909)

Fixed in:

95

Mozilla Firefox ESR

Windows 10 (1507)Windows 10 (1607) / Server 2016Windows 10 (1809) / Server 2019Windows 10 (1903)Windows 10 (1909)

Fixed in:

91.4.0

Firefox ESR

macOS 14macOS 15macOS 26

Fixed in:

91.4.0

References

WEB

https://bugzilla.mozilla.org/show_bug.cgi?id=1730120

WEB

https://lists.debian.org/debian-lts-announce/2021/12/msg00030.html

WEB

https://lists.debian.org/debian-lts-announce/2022/01/msg00001.html

ADVISORY

https://security.gentoo.org/glsa/202202-03

ADVISORY

https://security.gentoo.org/glsa/202208-14

ADVISORY

https://www.cve.org/CVERecord?id=CVE-2021-43536

ADVISORY

https://www.debian.org/security/2021/dsa-5026

ADVISORY

https://www.debian.org/security/2022/dsa-5034

WEB

https://www.mozilla.org/security/advisories/mfsa2021-52/

WEB

https://www.mozilla.org/security/advisories/mfsa2021-53/

WEB

https://www.mozilla.org/security/advisories/mfsa2021-54/