CVE-2021-29953

Severity
6.1 MEDIUM
EPSS
0.4%
top 39.76%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jun 24
Latest update: May 24

Description

A malicious webpage could have forced a Firefox for Android user into executing attacker-controlled JavaScript in the context of another domain, resulting in a Universal Cross-Site Scripting vulnerability. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected. Further details are being temporarily withheld to allow users an opportunity to update.* This vulnerability affects Firefox < 88.0.1 and Firefox for Android < 88.1.3.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 | Impact: 2.7

Affected Packages (3 packages)

CVEListV5 | mozilla/firefox_for_android | unspecified | 88.1.3
CVEListV5 | mozilla/firefox | unspecified | 88.0.1
NVD | mozilla/firefox | < 88.0.1 | +1

🔴 Vulnerability Details (2)

GHSA
GHSA-wpmv-r36p-cg3f: A malicious webpage could have forced a Firefox for Android user into executing attacker-controlled JavaScript in the context of another domain, resul | 2022-05-24
CVEList
CVE-2021-29953: A malicious webpage could have forced a Firefox for Android user into executing attacker-controlled JavaScript in the context of another domain, resul | 2021-06-24

📋 Vendor Advisories (3)

Red Hat
Mozilla: Universal Cross-Site Scripting | 2021-05-05
Debian
CVE-2021-29953: firefox - A malicious webpage could have forced a Firefox for Android user into executing ... | 2021
Mozilla
Mozilla Foundation Security Advisory 2021-20: CVE-2021-29953