CVE-2021-29993: 
NixOS vulnerability analysis and mitigation

Firefox for Android contained a vulnerability (CVE-2021-29993) that allowed navigations through the intent:// protocol, which could be used to cause crashes and UI spoofs. The vulnerability was discovered by Amy Burnett working with Include Security and affected Firefox versions prior to 92.0. This security issue was specific to Firefox for Android, with other operating systems remaining unaffected (Mozilla Advisory).

The vulnerability received a CVSS v3.1 base score of 8.1 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H. The issue involved improper handling of the intent:// protocol in Firefox for Android, which could be exploited through malicious navigation attempts (NVD).

The vulnerability could lead to crashes and user interface spoofing attacks when exploited. The high CVSS score indicates significant potential impact on system integrity and availability, though confidentiality was not affected (Mozilla Advisory, NVD).

The vulnerability was fixed in Firefox 92.0 for Android. Users were advised to update their Firefox for Android installations to version 92.0 or later to mitigate this security issue (Mozilla Advisory).