CVE-2021-29958: Missing Authorization in Mozilla Firefox for iOS

Severity
4.3 MEDIUM (NVD)
EPSS
0.2%
top 59.50%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jun 24
Latest update: May 24

Description

When a download was initiated, the client did not check whether it was in normal or private browsing mode, which led to private mode cookies being shared in normal browsing mode. This vulnerability affects Firefox for iOS < 34.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Exploitability: 2.8 | Impact: 1.4

Affected Packages (2 packages)

NVD: mozilla/firefox < 34.0
CVEListV5: mozilla/firefox_for_ios unspecified 34

🔴 Vulnerability Details (2)

GHSA
GHSA-5j3q-vmj5-h7fx: When a download was initiated, the client did not check whether it was in normal or private browsing mode, which led to private mode cookies being sha... 2022-05-24
CVEList
CVE-2021-29958: When a download was initiated, the client did not check whether it was in normal or private browsing mode, which led to private mode cookies being sha... 2021-06-24

📋 Vendor Advisories (2)

Debian
CVE-2021-29958: firefox - When a download was initiated, the client did not check whether it was in normal... 2021
Mozilla
Mozilla Foundation Security Advisory 2021-25: CVE-2021-29958
CVE-2021-29958 — Missing Authorization in Mozilla | cvebase