Ubuntu.comUB:CVE-2021-43533CVE-2021-43533
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
0.001 Low
EPSS
Percentile
32.4%
When parsing internationalized domain names, high bits of the characters in
the URLs were sometimes stripped, resulting in inconsistencies that could
lead to user confusion or attacks such as phishing. This vulnerability
affects Firefox < 94.
Notes
| Author | Note |
|---|---|
| tyhicks | mozjs contains a copy of the SpiderMonkey JavaScript engine |
References
bugzilla.mozilla.org/show_bug.cgi?id=1724233
launchpad.net/bugs/cve/CVE-2021-43533
nvd.nist.gov/vuln/detail/CVE-2021-43533
security-tracker.debian.org/tracker/CVE-2021-43533
www.cve.org/CVERecord?id=CVE-2021-43533
www.mozilla.org/en-US/security/advisories/mfsa2021-48/#CVE-2021-43533
www.mozilla.org/security/advisories/mfsa2021-48/
Related
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
0.001 Low
EPSS
Percentile
32.4%