Medium severity4.3NVD Advisory· Published Dec 8, 2021· Updated Jun 17, 2026
CVE-2021-43531
CVE-2021-43531
Description
When a user loaded a Web Extensions context menu, the Web Extension could access the post-redirect URL of the element clicked. If the Web Extension lacked the WebRequest permission for the hosts involved in the redirect, this would be a same-origin-violation leaking data the Web Extension should have access to. This was fixed to provide the pre-redirect URL. This is related to CVE-2021-43532 but in the context of Web Extensions. This vulnerability affects Firefox < 94.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2<94+ 1 more
- (no CPE)range: <94
- (no CPE)range: unspecified
Patches
Vulnerability mechanics
References
2- bugzilla.mozilla.org/show_bug.cginvdIssue TrackingPermissions RequiredVendor Advisory
- www.mozilla.org/security/advisories/mfsa2021-48/nvdVendor Advisory
News mentions
0No linked articles in our index yet.