{"api_version":"1","generated_at":"2026-04-23T04:10:48+00:00","cve":"CVE-2021-43544","urls":{"html":"https://cve.report/CVE-2021-43544","api":"https://cve.report/api/cve/CVE-2021-43544.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-43544","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-43544"},"summary":{"title":"CVE-2021-43544","description":"When receiving a URL through a SEND intent, Firefox would have searched for the text, but subsequent usages of the address bar might have caused the URL to load unintentionally, which could lead to XSS and spoofing attacks. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 95.","state":"PUBLIC","assigner":"security@mozilla.org","published_at":"2021-12-08 22:15:00","updated_at":"2021-12-10 13:33:00"},"problem_types":["CWE-79"],"metrics":[],"references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1739934","name":"https://bugzilla.mozilla.org/show_bug.cgi?id=1739934","refsource":"MISC","tags":[],"title":"Access Denied","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.mozilla.org/security/advisories/mfsa2021-52/","name":"https://www.mozilla.org/security/advisories/mfsa2021-52/","refsource":"MISC","tags":[],"title":"Security Vulnerabilities fixed in Firefox 95 — Mozilla","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-43544","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-43544","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2021","cve_id":"43544","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"google","cpe5":"android","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"43544","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2021-43544","qid":"376143","title":"Mozilla Firefox Multiple Vulnerabilities (MFSA2021-52)"},{"cve":"CVE-2021-43544","qid":"502687","title":"Alpine Linux Security Update for firefox"}]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2021-43544","ASSIGNER":"security@mozilla.org","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"Mozilla","product":{"product_data":[{"product_name":"Firefox","version":{"version_data":[{"version_value":"95","version_affected":"<"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Receiving a malicious URL as text through a SEND intent could have led to XSS"}]}]},"references":{"reference_data":[{"url":"https://www.mozilla.org/security/advisories/mfsa2021-52/","refsource":"MISC","name":"https://www.mozilla.org/security/advisories/mfsa2021-52/"},{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1739934","refsource":"MISC","name":"https://bugzilla.mozilla.org/show_bug.cgi?id=1739934"}]},"description":{"description_data":[{"lang":"eng","value":"When receiving a URL through a SEND intent, Firefox would have searched for the text, but subsequent usages of the address bar might have caused the URL to load unintentionally, which could lead to XSS and spoofing attacks. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 95."}]}},"nvd":{"publishedDate":"2021-12-08 22:15:00","lastModifiedDate":"2021-12-10 13:33:00","problem_types":["CWE-79"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE","baseScore":6.1,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.8,"impactScore":2.7},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":4.3},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","versionEndExcluding":"95.0","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:o:google:android:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"43544","Ordinal":"220611","Title":"CVE-2021-43544","CVE":"CVE-2021-43544","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"43544","Ordinal":"1","NoteData":"** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.","Type":"Description","Title":null}]}}}